Guest post by Eduard Goodman, chief privacy officer, IDT911.
Earlier this year, Centene Corporation lost six hard drives containing personal and health information of almost one million of its clients, including names, addresses, dates of birth, Social Security numbers, member identification numbers and health information. Unfortunately, Centene is only one of many healthcare organizations that recently had their sensitive patient information exposed. More than 113 million health records were breached in 2015 – which translates to one out of every three Americans being affected by a healthcare record breach last year. Medical identity theft is a disastrous trend that needs to be addressed. The good news is there are many steps healthcare organizations can take to reduce the risk of data breaches.
Electronic Health Records
As more and more healthcare organizations transition away from paper medical records and move to electronic health records, it is critical that security features are put in place to protect the vast amount of data being collected. Just as the digitally stored health information is more easily accessible for employees, it is also easier for cyber criminals to access. According to the Ponemon Institute’s The State of Cybersecurity in Healthcare Organizations in 2016 report, nearly half of those surveyed said their organizations have experienced an incident involving the loss or exposure of patient information during the last year. Strong encryption, routine vulnerability patches and multi-factor authentication are key to protecting health data.
Mobile and BYOD
Greater connectivity means more convenience, but this also opens more doors for hackers to access healthcare networks. Healthcare organizations should set clear BYOD policies so employees understand what can and cannot be accessed from mobile devices, what operating systems are approved for use on the network, what security features and settings are required and what type of data can be stored on devices. While using mobile devices can significantly improve productivity, it is important to minimize security risks in order to protect sensitive data.
Internet of Things
The Internet of Things is a growing trend in the tech world that has also become popular in the healthcare industry. Now, medical devices can collect, track and share enormous amounts of data instantly through internet connectivity. As these medical devices were most likely added to pre-existing networks, they may not have the necessary security protections. Security vulnerabilities are not just limited to EHR and health networks anymore – medical devices must be thoroughly inspected as well. Just as computers and servers are patched for vulnerabilities, medical devices that connect to healthcare networks must also be regularly patched. If these IoT-enabled devices do not have the necessary layers of security, they will become an easy way for hackers to access the healthcare network.
The need for strong cybersecurity in healthcare organizations comes from the fact that health data is so valuable. Medical data sells for as much as 10 times what financial data fetches on the black market, so it is no wonder hackers are targeting healthcare organizations now more than ever. Criminal attacks in healthcare increased 125 percent over the last five years and are now the leading cause of data breaches. Medical identity theft is incredibly dangerous because, beyond financial risks, victims’ wellbeing could be in jeopardy. With a stolen medical identity, cyber criminals are able to exploit drug prescriptions and obtain medical treatment and procedures that can drain insurance coverage and contaminate health records.
To reduce the chances of hackers gaining access to this valuable data, healthcare organizations must have the proper security measures in place. Technological advances can lead to more efficiency, productivity and convenience in the healthcare workplace, but it is extremely important that privacy and security are an even higher priority.