From time to time, many of us have likely had an uncanny feeling that a ghost might be lurking nearby. It might be a chill up the spine, or an unusual noise in an otherwise empty house, or movement seen out of the corner of our eye.
For others, ghosts are much more substantial though equally hard to explain. Such is the case when a romantic interest abruptly disappears, vanishing without a trace—or explanation. It’s become known colloquially as ghosting. Though it may be painful, it is not supernatural.
A growing trend in cyber crime has redefined the idea of ghosting and taken it to a new low. This trend involves targeting members of the death care industry: hospitals, hospices, cemeteries, crematoriums, and funeral homes. Beneficiaries and survivors could all suffer financially from such shameless attacks. Death care providers also face considerable liability risks.
Life After Death
Ghosting is a type of identity theft in which cybercriminals gather details from decedents, such as social security numbers and bank account information, and use this data for financial gain. Part of the issue in this scenario is the lag in records and information updates, which gives thieves a wide window in which to act.
Understandably, survivors may be in a period of grieving and their lost loved one’s personal information is near the bottom of their priorities. On top of that, a death is a stressful period that requires quick planning on multiple fronts, including funeral arrangements and notifying friends and family, followed by sorting out affairs and inheritance. All this can leave survivors distracted.
However, while alive the deceased likely had a wide range of involvements, whether personal or through government services. This requires a lot of loose ends to tie. In the eyes of these services, the individual is still alive and able to do what the living can, such as opening a new credit card. To combat identity theft, LifeLock recommends notifying providers as soon as possible, including the Internal Revenue Service, Social Security Administration, and credit reporting agencies.
Although there are many similarities between the healthcare and death care industries, the former is much more heavily regulated and must meet far more stringent security and privacy standards, such as HIPAA. The lax requirements in the death care industry in respect to the sensitive information to which they have access makes them low-hanging fruit for cybercriminals.
As reported by the law firm McElroy, Deutsch, Mulvaney & Carpenter, LLP, the Griffin Funeral Home in Louisiana was the victim of a data breach when hackers penetrated the provider’s computer network. The firm reports that such attacks can be used for large-scale ghosting schemes. The firm further notes that such a breach can put a death care provider at liability for major legal consequences.
Services for decedents are not the only targets in death care. While loved ones try to spend the final moments of a dying person’s life with them in hospice, cybercriminals can also find opportunity in this distraction. St. Croix Hospice is an end-of-life care provider in the Midwest, and in 2019 it suffered a data breach that compromised the personal information of more than 21,000 patients.
Death care providers must acknowledge that their industry is just as subject to a data breach as any other sector, regardless of their size. In many ways the death care industry has kept up with technology in managing its business side of affairs. Such business matters include employees bringing their own devices or storing records. These, of course, can make a death care provider vulnerable.
The healthcare industry must meet strict compliance to honor patient privacy and sensitive information, and death care providers should approach their treatment of confidential data as those who treat the living do. A good rule to follow is HIPAA compliance. The SecureDrive family of hardware-encrypted and FIPS-validated portable storage drives are designed to help healthcare providers perform business while meeting government-regulated standards for the storage of protected personal information.
The Cloud can be a reliable storage solution, but uploading information to your cloud service can expose the data unless it is encrypted. USBtoCloud is an excellent solution that automatically sends data to your preferred cloud service using data encryption while in transit. For external storage solutions that offer data protection from cybercriminals, SecureDrive and SecureUSB provide unrivaled protection for your business-critical data.
For more information on how to safeguard your death care business, contact one of our SecureDrive experts today at 1-424-363-8535.