Cybersecurity Experts’ 9 Best Ways to Keep Your Health Data Private

Updated: Sep. 26, 2023

Healthcare data breaches can have worse consequences than you might imagine. Here's how security experts say you can protect your health data—this includes choices you make on social media.

Mid adult man with beard and glasses texting in office
10'000 Hours/Getty Images

Data breaches are becoming more common—and new reports show the healthcare sector is getting hit especially hard. In 2022, an average of 1.94 healthcare data breaches compromising more than 500 records were recorded every day, according to the HIPAA Journal. “With telemedicine being so popular now, there’s a lot more information being shared in ways it wasn’t before,” explains Amir Tarighat, Co-Founder and CEO of cybersecurity startup Agency.

Healthcare data doesn’t just refer to copies of an X-ray. It can include a vast range of private information, and once it gets out there, it can exist in perpetuity, Tarighat says. While companies like Agency help people secure their data after a leak, it can be a lengthy, difficult process, and not just logistically. Research shows that data breaches contribute to serious emotional and mental distress. “That’s why prevention is so important, making sure you don’t share your data in a nonsecure way.”

8 Ways to Save on Your Health Care

Medical record in electronic form. Digital EMR with patient health care information. Doctor using tablet in hospital or clinic. Personal data in mobile device.
Tero Vesalainen/Getty Images

Here’s why it is so critical to protect your healthcare data

Healthcare data is in very high demand, says Lisa Melamed, president of compliance and risk management at SCALE Healthcare. “[Healthcare data] theft has become extremely lucrative, and without the proper protections, it’s easy to steal,” Melamed says. She adds that criminals who steal social security numbers get approximately $1 per number and $5 per credit card number on the Dark Web. That’s in contrast to healthcare data, which can fetch between $250 to $1,000 per record.

“Patients who have had their health data stolen can be subjected to not only identity theft, which as we all know is expensive and can draw out for years to correct,” she says. “It can also delay treatment and prescription drugs due to fraudulent insurance claims, blackmail, or financial fraud attempts.”

47 Secrets Hospitals Don’t Want to Tell You

Website sign in button

How to protect health data

1. Use unique passwords everywhere

“The first thing you have to do is make sure every single place you use a password, that password is unique,” Tarighat says. Making a password longer—12 characters or more—is usually the easiest way to make it safer. And a password manager can help you keep track of long, safe, unique passwords throughout your digital presence.

From READER’S DIGEST: How to Create Good Passwords

Padlock of Cyber Security Digital Data, Digital Data Network Protection, Global Network 5g High-Speed Internet Connection and Big Data Analysis Future Background Concept. 3d rendering
KanawatTH/Getty Images

2. Check an app’s security processes

If you’re using a health app, review the privacy policy and terms of service to make sure you understand how your data is being collected and shared, Melamed says. “They may have a provision that allows sharing with unnamed third parties.” You’ll also want to look for things like end-to-end encryption, strong authentication protocols, and regular app updates to address vulnerabilities.

There are additional professional standards for security you can check for, Tarighat says, such as SOC 2 and ISO 27001. These are audited frameworks for security that ensure a company or app is meeting a formal standard regarding your data protection.

From READER’S DIGEST: How to Prevent Companies from Buying and Selling Your Personal Information

Close-up of patient signing medical form before dental procedure at dentist's office.
Drazen Zigic/Getty Images

3. Confirm HIPAA compliance

The Health Insurance Portability and Accountability Act (HIPAA) is a set of national standards protecting patient health information from being disclosed without consent. Before sharing identifiable personal health information, it’s important to check an app’s terms and conditions to ensure it’s HIPAA-compliant, says Shashank Agarwal, a data scientist and senior decision expert at CVS Health.

Keep in mind that apps that collect non-identifiable information, like your heart rate, are not required to be HIPAA-compliant. These apps are usually cataloged under health, wellness, and fitness, but since they’re not used for medical purposes, they can get around HIPAA requirements, says Ryan Montgomery, co-founder of the cybersecurity platform Pentester. That means they may share data with third parties, so use extra discretion.

From READER’S DIGEST: 20 Cyber Security Secrets Hackers Don’t Want You to Know

Close up of women's hands holding smartphone
PixelsEffect/Getty Images

4. Download apps from reliable sources

Operating systems like iOS and Windows have made it easier to understand what permissions you’re granting apps, Tarighat says. “They give you a clear disclaimer, only the operating system can really turn on those permissions.” That’s why you only want to download applications from authorized app stores like the Google Play Store or Apple App Store, he says.

From READER’S DIGEST: Someone May Be Spying on You If You Have These Apps

Entrepreneur hands signing contract on phone at night
Pheelings Media/Getty Images

5. Go easy on granting app permissions

That said, any application that requests permission to access your information shouldn’t be blindly trusted, Montgomery says. “For example, you’ll see posts with titles such as, ‘How happy of a person are you? Click here to find out.’ Those apps then request unnecessary permissions, which can expose sensitive data you may not want shared or collected,” he explains.

Agarwal adds that sharing access to your stored drive folder or camera photos, in particular, exposes a high risk of personal data leakage.

From READER’S DIGEST: Top Security Threats of Smartphones

Over the shoulder view of young woman using mobile app with Two-Factor Authentication (2FA) security system to access online bank account via laptop
Oscar Wong/Getty Images

6. Set up two-factor (or multi-factor) authentication

These days, many apps and digital platforms offer two-factor authentication (2FA)—so if you see it, enable it. “[This] adds an extra layer of protection to your accounts, making it harder for unauthorized users to get access even if they have the password,” Montgomery says. If a service you use doesn’t support 2FA (Twitter recently revoked this security for non-paying users,) you can use apps like Google Authenticator that generate one-time passcodes.

2FA is especially important for your social media accounts, Tarighat says. “What we often see is an attack called a SIM swap, where someone has your phone number and using that, one of the main targets is to reset your social media password,” he says. “By having 2FA, you bypass that kind of attack, which is fairly common nowadays.”

If Your Attention Span Is Burnt Out, a Leading Scientist’s Simple Fix Will Come as Relief

smartphone with incoming call from unknown person
ronstik/Getty Images

7. Stay ahead of common scams

“You have to be careful about emails, text messages, and other social engineering attacks where someone is contacting you,” Tarighat says. They may pretend to be from a government agency or a company you normally do business with, send fake confirmation or delivery emails, or direct you to a fake site through a misspelled URL. “If you’re unable to confirm who it is, you don’t want to share any private data,” he says. “Unfortunately, these are the most common scams where the individual is targeted in their personal lives.”

From READER’S DIGEST: 14 Online Scams You Need to Be Aware Of—and How to Avoid Them

Update computer
PashaIgnatov/Getty Images

8. Keep your software up-to-date

Software companies fix flaws in their systems via updates—and sometimes, those updates have to do with security measures. Operating systems have built-in functions to prevent attacks, but because cyber threats are always evolving, developers have to keep adapting their security, too. Skipping updates can leave your devices vulnerable to these routine privacy patches.

From READER’S DIGEST: 6 Reasons Your Phone Is So Slow—and How to Speed It Up

Woman using social media microblogging app on her phone
grinvalds/Getty Images

9. Be discrete on social media

Don’t post sensitive information, such as medical conditions, treatment plans, or lab results on social media, as they can be used to identify and exploit you, Agarwal advises. He also says it’s a good idea to tweak the default privacy settings on your social platforms to control who has access to your information.

Beyond that, “remember that if you post about a health condition online—like on a message board—it’s not protected under HIPAA or state laws,” Melamed says.

For more guidance on protecting and securing your health information online, Melamed points to for extra resources.

Manage your wellness with The Healthy @Reader’s Digest newsletter and follow The Healthy on Facebook, Instagram, and Twitter. Keep reading: