CYBER & INFOSEC

"blogger, InfoSec specialist, super hero ... and all round good guy" 

DISCUSSIONS, CONCEPTS & TECHNOLOGIES FOR THE WORLD OF

JOIN THE DISCUSSION

The Ongoing Threat of Health Care Data Breaches




Health care data breaches are on the rise. In 2018, there were numerous high-profile breaches and a much large number of smaller ones.

In November, personal information of more than 2 million patients of Charlotte, North Carolina-based Atrium Health was compromised, including billing information, Social Security numbers, addresses and dates of birth. The hack affected an Atrium billing vendor, AccuDoc.


In July, UnityPoint Health of West Des Moines, Iowa, alerted 1.4 million patients that personal information might have been compromised. A hacker, the company said, used phishing tactics to gain access to its email system and may have accessed health and financial data.


In 2015, an unprecedented data breach exposed the personal information of 79 million people. Anthem Inc., the largest health insurance company in the U.S., settled litigation over the hacking for $115 million.


In 2017, over 477 health care breaches were reported to the U.S. Department of Health and Human Services (HHS), affecting more than 5.6 million patient records. As of the end of August of this year, the number of breaches was 229, but affected 6.1 million people.


Potential Impacts of Data Breaches


The impacts of data breaches for patients can be severe. Information can be used to steal a medical identity, which a thief can use to get care and prescription drugs and file insurance claims. A stolen medical identity is harder to detect than a financial one. They are also costly and time-consuming to fix. A medical record that contains incorrect information due to a stolen identity could result in mistakes being made in care.

Hackers could also potentially use stolen medical information to blackmail or harass someone. Health care organizations also have financial information for their patients that a breach could leave compromised.


Data breaches are also exceptionally costly for the organizations to which they occur. After a cybersecurity incident is discovered, a company needs to alert the victims of the incident and fix the gap in security, both of which can be expensive. The event can also result in costly damage to reputation. After a breach, approximately 7 percent of patients will switch to a new provider. Breaches may also result in fines and lawsuits.

Combining all these factors, each record compromised in a health care data breach costs the affected organization approximately $700, or $7 million for every 10,000 records, according to a recent analysis.


How to Protect Against Data Breaches


All health care organizations need to take steps to prevent and prepare for data breaches. The frequency of these incidents is rising, and no organization is immune. Every health care company needs to have an in-house cybersecurity team or work with outside cybersecurity professionals. Tips for preventing data breaches include:

· Keeping cybersecurity products updated: Hackers are continually coming up with new strategies for stealing personal information, so organizations need to ensure they keep their cybersecurity products and practices up to date. Today, there are numerous advanced end-point detection and response (EDR) products that go further than traditional anti-virus software. You should also invest in a high-quality email security architecture.


· Testing frequently: Hackers are always looking for vulnerabilities to exploit in your system, so you need to run frequent penetration and vulnerability tests to ensure you find those issues before they do.


· Providing training: Training all employees that may come into contact with sensitive data in cybersecurity best practices can help prevent a large number of attacks. Data management training can help them ensure they don't accidentally expose personal data. Train staff in other types of attacks, too. Training employees on how to detect fraudulent emails, for example, can help prevent phishing scams.

The risk of health care data breaches is not going away anytime soon. Every organization in the health care sector that handles sensitive data needs to take steps to avoid becoming the victim of the next incident.


Written by:


Kayla Matthews

tech journalist & writer http://productivitybytes.com

SOCIALS 

SUBSCRIBE 

 Keeping you informed | Latest News 

© 2018 Dr. Chaos 

doctorchaos.com and drchaos.com is a blog dedicated to Cyber Counter Intelligence and Cybersecurity technologies. The posts will be a discussion of concepts and technologies that make up emerging threats and techniques related to Cyber Defense. Sometimes we get a little off-topic. Articles are gathered or written by cyber security professionals, leading OEMs, and enthusiasts from all over the world to bring an in-depth, real-world, look at Cyber Security. About this blog doctorchaos.com and drchaos.com and any affiliate website does not represent or endorse the accuracy or reliability of any information’s, content or advertisements contained on, distributed through, or linked, downloaded or accessed from any of the services contained on this website, nor the quality of any products, information’s or any other material displayed, purchased, or obtained by you as a result of an advertisement or any other information’s or offer in or in connection with the services herein. Everything on this blog is based on personal opinion and should be interoperated as such. Contact Info If you would like to contact this blog, you may do so by emailing ALAKHANI(AT)YMAIL(DOT)COM