In recent times, over 1,000 health care organizations have experienced network breaches causing overwhelming amounts of protected health data to be compromised. Infiltrating the networks of health care facilities is an alarming trend among hackers, but what is the allure? Health care facilities carry some of the most sensitive reserves of data files across the board, supplying hackers with the kind of sensitive information that has limitless potential to not only effect the health care organization that they have infiltrated, but also the patients involved in the breach.
To learn more about protecting patient information, check out the infographic below created by the University of Illinois at Chicago’s online programs in Health Informatics and Health Information Management.
What Hackers are Stealing
From social security numbers to home addresses, hackers can wreak havoc on an organization with nothing more than a couple keystrokes. Take HIPAA laws into consideration along with the need for patient privacy in conjunction with certain illnesses and health care workers have a challenging, but vital, task ahead of them.
But is the problem really that bad?
Unfortunately, it is less difficult to find facilities that have not been hacked than those who have. In fact, 89% of health care organizations have already experienced a breach of some kind over the course of their time in operation. These incidents resulted in 1/3 of Americans experiencing data breaches as patients.
This talked-about problem will only continue to grow as time marches on. According to Accenture, between 2015 and 2019, it is projected that 25 million Americans will have their data stolen from their health care provider’s digitalized record base. This is one reason it is so important to take care of problems now so that you can better prepare for tomorrow.
Top Three Health care Data Breaches
76% of Americans are concerned about their medical and personal data being targeted by hackers and their concerns are very relevant. One by one, health care giants are being singled out and forced to rethink their security practices. In fact, Anthem alone reports a breach of 78,800,000 records. In recent years, Premera was also the victim of a 11,000,000-record breach.
How Data Breaches are Occuring
A breach can happen in a variety of different ways. However, one of the most common causes of breaches within the health care field is simply human error. Health care workers who use unauthorized cloud based apps can leave a patient’s information vulnerable to an attack. Other everyday problems like weak passwords, shared passwords between healthcare providers, stolen backup discs and poorly protected servers only add to the problem.
The Year in Health care Hacking
At the time of this article, 142 instances of health care data breaches were reported to the Department of Health and Human Services for the year 2016. Overall, over 500 records were involved in these recent hacks. A staggering 78% of these breaches were related to loss and/or theft. 63% were a result of improper disposal. 60% of breaches were due to hacking and only 6% were a result of unauthorized access. From employee-owned devices to simple employee negligence, hackers are taking advantage of vulnerabilities and human error alike when and where they can.
Malware and DOS attacks are now becoming commonplace and a real concern for health care networks. However, among the most problematic issues this year was Ransomware. This growing phishing scheme made headlines as a timely reminder for health care professionals to take their security seriously and to always keep patient confidentiality at the forefront of their minds.
Taking Steps to a Safer Tomorrow
The Health Insurance Portability and Accountability Act adopted the Breach Notification Rule as a means to help protect patients and keep health care teams accountable for the sensitive information they store. HIPAA requires that a health care provider disclose the knowledge of a breach to their patients. Not only is it ethical to strive to protect your patients, a breach can also harm your business, scaring patients off of your services. This is why it is so imperative that you take the necessary steps to prevent breaches before they occur.
Preventing breaches means improving security and constantly evolving to meet foreseeable problems. Providing only authorized employees like doctors or nurses with access codes can help to prevent information from falling into the wrong hands. Experts also recommend changing access codes and passwords often to improve security even more. You can also consider encrypting information, which will only become readable once an authorized user enters an accurate pin number.
More About Ransomware
Ransomware is most often installed after a phishing attack. A phishing attack occurs when a tainted email is sent to hundreds of hospitals, health care facilities and employees at once. The alarming thing about Ransomware is that it only takes one employee clicking on the link or attachment provided to cause problems within your entire operation. This widespread problem is quickly felt among hospitals where shared information can help to streamline patient care.
Avoiding Problems Before They Start
As you can see, it is pertinent that hospitals and health clinics train their employees to handle internal operations with great care, helping them to recognize phishing attacks if they should arise. Often times, simply warning your employees about the risks of phishing can be enough. Other times, you may wish to put up signs at workstations so that a reminder of patient security is always at the forefront of your employees’ minds.
Schedule regular meetings to discuss strengthening network security. Run refresher courses to remind employees about proper procedures and to brainstorm new ways to protect vital health care data.
In addition, always be sure to backup data. In the event of a breach, especially in the case of Ransomware, you will have everything you need to continue operating as necessary, ensuring the best care possible for your patients and continued ease of operation for your health care team. You should also work to limit access points at your place of business, which can deter criminal activity before it starts. Restricting user access is another important step in securing both personal and medical data.
Security breaches pose a big challenge for the health care industry in the years to come. However, as knowledge of hacking methods become more widespread, providers can meet the challenge head-on, remembering that the digital age brings much more than just additional problems, but also additional solutions that just might save a patient’s life someday.