Since mobile devices are often a security weakness for organizations, QR codes are designed to ease processes like image file transfers that can leave protected health data vulnerable.
Sophisticated bad guys can replace the genuine QR code with a copy to redirect users to a similar site where personal and patient data could be intercepted. They can also use emails to embed their fraudulent QR codes in seemingly legitimate emails, also known as “quishing”.
Healthcare IT News asked Sharat Potharaju, co-founder and CEO of Beaconstac, the company that provides a QR code platform, to discuss why matrix barcodes are attractive to cybercriminals and how organizations take care health can protect patient data from being compromised by QR code mining.
Q: What is QR code mining and how vulnerable are healthcare IT systems?
ONE. “Scan scams” have become an almost daily occurrence, increasing more than sevenfold by 2022.
In particular, QR code fraud puts patients and healthcare organizations at risk of identity theft, data breaches, and malware infections. Cybercriminals trick patients or staff into scanning a QR code, which sends them to a seemingly legitimate website and prompts them to share personal data or login information.
Hackers steal sensitive information, such as medical history, insurance information, social security numbers or other personally identifiable data, to gain access to patient portals, provider networks and other digital services.
Because it has a marketplace on the dark web, patient data is a very attractive target. In fact, a patient record sells for up to $1,000 on the black market, depending on how detailed it is. That dollar amount is almost 50 times higher than a standard credit card profile.
Q: How can HIT block such exploits? Can healthcare organizations still use QR codes?
ONE. QR codes help organizations improve communication, transparency, and information between providers, caregivers, and patients.
To secure this technology, healthcare organizations should take advantage of QR code generators with built-in features such as single sign-on, multi-factor authentication, custom domains, and user management.
The second important part is the QR code platform with incident management tools and security measures that are subject to regular comprehensive testing.
However, education also helps prevent QR code exploitation. Healthcare organizations must train their staff and patients on the safe use of QR codes, including how to identify and avoid phishing, malware, and other security threats.
Q: How do we help patients and others feel safe online using QR codes?
ONE. Encourage patients to verify the authenticity of the QR code they scan before sharing personal information.
Many people open a link immediately after scanning the QR code without even checking the link, which poses a privacy and security risk. Patients should check the URL of the website or app associated with the QR code or use a reputable QR code scanning app to confirm the credibility of the destination.
Patients should also only scan QR codes from verified sources, such as their healthcare provider’s website, app, or printed material. If the QR code looks suspicious or comes from an unknown source, the patient should not scan it.
In addition, patients must exercise caution when sharing personal data — such as medical history or insurance information — via QR codes. They should only give this information to trusted healthcare providers who provide proof that the information is transmitted securely and encrypted.
Andrea Fox is the senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
![How to Start a Health and Fitness Business [Free Guide]](https://news7g.com/wp-content/uploads/2022/03/guide-to-starting-a-health-and-fitness-business-fb-feature-1024x538-390x220.png)
