Did You Know 34% of Healthcare Records in the US Have Been Breached?
Data breaches are a costly threat to health care, and unfortunately, nobody is free from the worry. With 10 out of 20 organizations having suffered a data breach in the last 24 months, that means as much as 34% of all health care records in the United States have been exposed.
The Real Cost of a Data Breach
The healthcare industry loses $6 billion annually as a result of data breaches. It may be surprising to know that the average cost to a healthcare organization after suffering a data breach is $3.5 million.
Healthcare records are quite valuable in the world of cyber crime – having a value fifty times that of a credit card number. One may wonder why this is so, and the answer is simple. Healthcare records have several characteristics that credit card numbers do not, making them ideal targets for data and information theft. These characteristics are as follows:
- They provide a basis for insurance fraud
- They offer an opportunity for blackmail
- They can be used to obtain illicit drugs
- They contain high quality and incredibly personal information
Credit cards can easily and quickly be cancelled and reissued, meaning the numbers are useless to cybercriminals. Healthcare records, on the other hand, contain a lot of personal information, including social security numbers, contact information, and other details that could potentially be used to steal a person’s entire identity.
Victims of medical identity theft spend an average of $13,500 on restoring credit, correcting health records, and reimbursing insurance providers for fraudulent claims. More concerning is the fact that 65% of health care providers offer no protection services to patients whose information has been breached.
Patient Information at Risk
Several types of patient information are vulnerable to theft during a data breach. Thieves will have access to such sensitive data as:
- Payment details
- Prescription information
- Medical records
- Scheduling details
According to the U.S. Department of Health and Human Services for Civil Rights, in 2014 alone, 1.6 million patients were victims of such an attack, having their medical information stolen from healthcare providers.
Data Security Threats
When it comes to data security, there are a variety of threats that could result in putting data at risk. These risks include:
- Lost or stolen computers and hardware
- Glitches in technical systems
- Criminal attacks
- Unintentional employee actions
- Mistakes made by third parties
Oftentimes, breaches of security are discovered by employees, through audits, or after patient complaints come forward. Lack of education is at the heart of the problem here, with only 77% of healthcare organizations requiring staff to have both security and privacy training.
Facts and Figures Don’t Lie
There is good reason why half of all healthcare organizations have little to no confidence in their ability to detect patient data loss or theft. The numbers speak for themselves:
- 41% of healthcare providers do not use encryption to make their data unreadable to unauthorized users
- 51% do not have the necessary technology required to quickly detect or prevent data breaches
- 42% have no policies in place to prevent or detect any unauthorized access to patient data, as well as loss or theft
- 47% do not have the level of technical expertise to properly identify and resolve data breaches
Statistics like those listed above draw attention to the fact that cybersecurity needs to be made a priority for all healthcare providers.
How to Minimize The Risks
Many measures can be taken to ensure a more secure environment for patient data and records, both operationally and technically. Good cybersecurity practices on a technical level include:
- Two-factor authentication
- Antimalware software
- Patch management
On an operational level, the following controls can be implemented to minimize security risks and remain compliant:
- Establishing security policies
- Ongoing user awareness and training
- Having a formal security assessment process
- Developing a security incident plan
How to Ensure HIPAA Compliance
Failure to remain compliant with HIPAA regulations can result in costly fines, loss of patient trust, and damage to your reputation. By adhering to the following steps, you can ensure you remain compliant:
- Thorough assessment of the systems to bring to light any weak points or vulnerabilities that could result in a data breach
- Comprehensive backup for data and applications, both onsite and in the cloud, to allow for fast recovery in the event of a disaster
- Appropriate technical safeguards, including firewalls, antivirus software, web content filtering and more
- Regularly updated policies and procedures to guarantee all employees are working in compliance with HIPAA regulations
Discover what Apex can do to help you maintain HIPAA compliance. Contact us at (800) 310-2739 or email us at firstname.lastname@example.org to learn about our managed IT services for healthcare organizations in Central and Northern California.