Data Security

Data Security Is the Biggest Concern of Health Care

More than 750 data breaches occurred in 2015, the top seven of which opened over 193 million personal records to fraud and identity theft. The top three breaches of data security were from the health care industry.

The largest health care breach ever recorded was that of the health insurance company, Anthem. The breach exposed the personal records — including names, birth dates, Social Security numbers, home addresses and other personal info — of 78.8 million current and former members and employees of Anthem.

Other major health care cyber attacks and data breaches include Excellus BlueCross BlueShield and Premera Blue Cross. These breaches alone exposed the information of more than 21 million members.

The attacks didn’t stop in 2015. In June 2016 alone, more than 11 million health care records were exposed because of cyber attacks. According to a new survey conducted by Ponemon, the private research institute, the average cost to health care organizations per record breached is $355, compared to $158 per lost or stolen record in other industries. The average total cost of a data breach for the 383 companies that participated in the Ponemon research was $4 million. Looking at these numbers, it is obvious that cyber and data security is a major concern to health care.

Healthcare is adopting technological innovations at record speed. From kiosks at check-in points for physician visits to advancements in genomics and genetics, technology is everywhere. Patients are embracing the use of technology because it’s increasing access to care, improving satisfaction, and even controlling some healthcare spending.

However, these changes have many people wondering if dangers could be lurking behind the innovations. It seems that no industry or organization is safe from cybersecurity concerns. Over the past few years, the healthcare industry has seen a steady increase in hacking and IT security incidents that have patients and providers struggling to decide the best ways to protect their data. As healthcare moves forward with exciting advancements like artificial intelligence (AI) and big data, users and providers everywhere need to be fully aware of the risks to patient data security.

Data is Everywhere

It’s imperative that patients and healthcare workers are tech-savvy in today’s cyberattack culture. More people are using apps, attending telemedicine visits, and scheduling appointments through online portals than ever before. While the ease of access to information is helpful, it can also pose major risks if users don’t choose smart passwords, ensure sites are safe and secure before enrolling, and safeguard their health information before sharing it with others.


As electronic medical records started showing up in facilities everywhere, the government passed the Health Insurance Portability and Accountability Act of 1996. This law placed protections around patient data and required healthcare providers and facilities to establish policies and security safeguards to protect health information whether it was stored on paper, on a computer, or in the cloud. Not only does HIPAA preserve a patient’s information, but it also gives them the right to review their files to find out who has access to their data.

Healthcare Data Breaches

With any booming growth comes pain points. Cyberattacks and breaches have been increasing in every industry, and the healthcare industry is no exception. With the widespread use and integration of electronic health records, there is plenty of incentive for cybercriminals to seek out this sensitive data. According to the HIPAA Journal, 2015 was a record year for data breaches in healthcare. Exposed or stolen records that year surpassed the previous six years combined, with over 113 million records being compromised. Out of this number, 78.8 million patient records were taken in one cyberattack.

Fast forward to 2018, and you’ll find more sophisticated attacks. Ransomware, phishing attacks, and insider errors plagued the technology landscape in healthcare, and it’s not just hospitals or providers under attack. Med Associates, a healthcare billing claims vendor, was hacked by a cybercriminal who may have accessed 270,000 patient records, which included Social Security numbers. Another attack happened at HealthEquity, a health savings account firm, when an unauthorized user located two employee email accounts. The data leaked included names, health savings plan types, employer names, health plan names, and Social Security numbers.

Financial Data Breaches

Healthcare service providers have to deal with a lot of financial information, such as debit, credit, and prepaid cards issued by Visa, Mastercard, Amex, and Discover. Healthcare transactions also include payment modes like checking accounts, which carry direct banking information such as the account number and routing number.

Sometimes third-party payment services such as PayPal, Xoom, and Amazon Pay are also involved in the transactions. This makes breaches very tough to find, because various institutions are involved in the same transaction: from customer to healthcare facility to bank to issuing authority to third-party provider to payment processing merchants.

Enlisting the Help of Professionals

Technology in healthcare is a booming industry and for a good reason. Advancements are solving many of the issues the industry faces, such as lack of access, limited portability of information, and rapidly increasing costs.

However, doctors and healthcare administrators only know so much when it comes to protecting sensitive healthcare data. Many cybersecurity resources are available, but without IT database professionals and those with cybercrimes training, health networks can only make so much progress. Here are a few ways a connection with an IT professional can help facilities protect patient data and minimize breaches:

Encrypting Data

Your data should only be accessible to authorized users and those you intend to share the information with. Encrypting information protects the integrity of documents, images, and messages. IT professionals are trained not only to protect your information through encryption, but to ensure compliance with HIPAA security rules.

Controlling Access

This might seem like a simple step in the process of information management and data security. Many organizations are transitioning to cloud-based applications that offer greater levels of security but can leave the practice’s IT infrastructure open to breaches such as stolen passwords or malware. IT professionals can take an inventory of potential access weaknesses and build a strategy to help healthcare organizations strengthen their control of access issues.

Authenticating Users

EHR vendors create basic authentication processes, like unique login names and passwords for users. They might also give a list of cybersecurity tips for users that help individuals when setting up accounts. However, those in the IT industry say this might not be enough.

IT professionals recommend changing passwords often and increasing their complexity to foil hackers. Using a two-factor authentication process provides a more sophisticated way of protecting your data. This method combines a password with a second check, such as asking the user for a PIN or a biometric identifier like a thumbprint, to verify their identity.

Providing Secure Remote Access

Cloud-based systems are set up for remote users to access data securely. However, if a practice has a client-server network, letting staff remotely access data is a bit trickier. IT professionals can assist providers in creating policies and procedures that protect against infected home computer systems and insecure network sessions through the use of a virtual private network (VPN). A VPN encrypts all of the data in transit by providing a temporary connection from an office computer to an employee’s home computer through the use of a public internet connection.

Adopting Role-Based Access Rules

A secretary doesn’t need the same level of access to data as a nurse or doctor. By creating role-based access, you can identify which job descriptions within an organization need to have access to certain types of data and create rules across the board. IT professionals understand the processes behind role-based policies and how to implement this safeguard technique in practices of any size.
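
The sketch below is an added example, not code from any EHR product. It shows role-based rules for the secretary, nurse, and doctor roles named above, with deny-by-default handling of unknown roles and an audit trail that can answer the "who has access to my data" question raised in the HIPAA paragraph earlier. The field names, the role-to-field mapping, and the sample record are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed policy: which record fields each role may read.
# Role names follow the article; the field names and the mapping are assumptions.
ROLE_FIELDS = {
    "secretary": {"name", "home_address", "appointments"},
    "nurse": {"name", "birth_date", "appointments", "medications"},
    "doctor": {"name", "birth_date", "appointments", "medications", "diagnoses"},
}

AUDIT_LOG = []  # in production this would be append-only storage outside the app


def read_record(user, role, record, requested):
    """Return only the requested fields the role may see and log the decision."""
    allowed = ROLE_FIELDS.get(role, set())  # unknown role gets nothing (deny by default)
    granted = sorted(f for f in requested if f in allowed and f in record)
    denied = sorted(f for f in requested if f not in allowed)
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "role": role, "patient": record["patient_id"],
        "granted": granted, "denied": denied,  # denied attempts are logged too
    })
    return {f: record[f] for f in granted}


def who_accessed(patient_id):
    """List the users who were actually shown data from this patient's record."""
    return sorted({e["user"] for e in AUDIT_LOG
                   if e["patient"] == patient_id and e["granted"]})


# Constructed sample record (not real patient data).
RECORD = {
    "patient_id": "P-0001", "name": "Jane Example", "birth_date": "1980-01-01",
    "home_address": "1 Sample St", "ssn": "000-00-0000",
    "appointments": ["2024-05-01"], "medications": ["drug-a"], "diagnoses": ["dx-a"],
}

if __name__ == "__main__":
    wanted = ["name", "diagnoses", "ssn"]
    print(read_record("alice", "secretary", RECORD, wanted))  # name only
    print(read_record("bob", "doctor", RECORD, wanted))       # name and diagnoses, no SSN
    print(read_record("eve", "contractor", RECORD, ["name"]))  # unknown role: empty
    print(who_accessed("P-0001"))
```

No role in this constructed policy can read the Social Security number, so even a doctor's request for it is denied and recorded.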

The Future of Healthcare Data Security

As the healthcare industry embraces more technology, the need for new and groundbreaking security measures will increase. The future of medicine is bright, but hackers and cybersecurity breaches can dampen the brightness of the future for those who are not well-prepared.