Data breaches are a costly threat to health care, and unfortunately, nobody is free from the worry. With 10 out of 20 organizations having suffered a data breach in the last 24 months, as much as 34% of all health care records in the United States have been exposed.
The healthcare industry loses $6 billion annually as a result of data breaches. It may be surprising to know that the average cost to a healthcare organization after suffering a data breach is $3.5 million.
Healthcare records are quite valuable in the world of cyber crime – having a value fifty times that of a credit card number. One may wonder why this is so, and the answer is simple. Healthcare records have several characteristics that credit card numbers do not, making them ideal targets for data and information theft. These characteristics are as follows:
Credit cards can easily and quickly be cancelled and reissued, meaning the numbers are useless to cybercriminals. Healthcare records, on the other hand, contain a lot of personal information, including social security numbers, contact information, and other details that could potentially be used to steal a person’s entire identity.
Victims of medical identity theft spend an average of $13,500 on restoring credit, correcting health records, and reimbursing insurance providers for fraudulent claims. More concerning is the fact that 65% of health care providers offer no protection services to patients whose information has been breached.
There are several types of patient information that are vulnerable to theft during a data breach. Thieves will have access to such sensitive data as:
According to the U.S. Department of Health and Human Services for Civil Rights, in 2014 alone, 1.6 million patients were victims of such an attack, having their medical information stolen from healthcare providers.
When it comes to data security, there are a variety of threats that could result in putting data at risk. These risks include:
Oftentimes, breaches of security are discovered by employees, by audits, or after patient complaints come forward. Lack of education is at the heart of the problem here, with only 77% of healthcare organizations requiring staff to have both security and privacy training.
There is good reason why half of all healthcare organizations have little to no confidence in their abilities to detect patient data loss or theft. The numbers speak for themselves:
Statistics like those listed above draw attention to the fact that cybersecurity needs to be made a priority for all healthcare providers.
Many measures can be taken to ensure a more secure environment for patient data and records, both operationally and technically. Good cybersecurity practices on a technical level include:
On an operational level, the following controls can be implemented to minimize security risks and remain compliant:
Failure to remain compliant with HIPAA regulations can result in costly fines, loss of patient trust, and damage to your reputation. By adhering to the following steps, you can ensure you remain compliant: