As a company that creates software, we have seen firsthand how technology has advanced in unimaginable ways, aiding us in areas we previously could not comprehend. However, it does come with its challenges, which means it is imperative that we take measures to ensure we can face them head on, without serious issues. This is a particular concern for those working in the healthcare space. A recent article in Information Age talks about the problems faced by the healthcare industry due to recent cyber attacks. It sets out in detail the causes of such attacks and how to stay well protected. From our perspective, as we become more and more aware of such issues and research best practices in healthcare security, we try to develop our solutions accordingly, to keep healthcare providers well protected. With that said, we do recognize that we may not fit everyone's wants and needs. In such instances another vendor may provide a better offering. Our aim is to provide you with as much information as possible so that you can make the right decision.
Cyber Attacks And Healthcare Security
Considering the breaches of 2014, the Information Age article reveals that the healthcare industry, with its whopping $3 trillion value, has been repeatedly warned about cyber-criminals and their possible attacks in 2015, which may not come as a surprise to many. Another reason given for this likelihood is the ease with which the industry can be targeted, mainly because it tends to make less than adequate investment in cyber security. With that said, there are several other reasons why the healthcare industry seems to be a common target for recent breaches.
The article begins with an overview of the data breaches of 2014. According to the Identity Theft Resource Center (ITRC), there were a total of 761 breaches, amounting to 83,176,279 exposed records, with the healthcare industry being the most targeted at 322 of the 761 breaches, a share of 42.3% in the reports. The reason we hear more about credit fraud and breaches in the banking industry than about stolen medical records is mainly that medical record breaches are not usually reported in a timely manner. According to the article, it in fact takes years before anyone realizes that the data has been compromised, whereas the banking industry regularly monitors suspicious account activity, allowing it to promptly identify possible breaches.
Why The Healthcare Industry Is A Prime Target
To better comprehend why the healthcare industry is such a big target for cyber-criminals, it is important to understand the value of stolen medical records. Although personal banking information is valuable to the average cyber thief, it does not have nearly as high a payout as a medical record. In fact, the article suggests that stolen medical information is worth about ten times more than credit card data. It is reported that the average number of records stolen per known breach in the recent past was around 28,564. The value of the records may range anywhere from $285,640 to $1.7 million per breach, whereas, for similar breaches, credit card data may amount to between $28,564 and $170,000.
Due to their comprehensive nature, medical records are deemed to be of very high value. Information such as social security numbers, birth dates, billing information, and the like can be used to create fake IDs for buying drugs that can be sold later, or to file false insurance claims.
Hospitals, in general, lack proper cyber security defences. Healthcare spending on cyber security is not as thorough as that of other industries. One of the major reasons for this is the lack of funds. So what exactly is the cost of a breach? According to the article, the average cost of a data breach for an organization in the healthcare industry amounts to $2 million over a two-year period. Hence, investing in cyber security defence systems becomes more understandable, because it is better to be safe than sorry, right?
Healthcare Security & BYOD
In our technological age, it has become the norm to adopt at least one personal device. Therefore, it may not come as a surprise that, according to the article, more than 88% of healthcare organizations have admitted to permitting their employees and other medical staff to use personal devices for work-related activities. This creates problems, as more than half of such organizations claimed they could not obtain the security status of these devices, leaving them unable to protect the patient data contained within.
To avoid hefty fines resulting from HIPAA violations, healthcare organizations must take proper precautions. Systems such as our BA Manager can help with such security issues, as it helps keep track of the flow of data, keeping everything in check in terms of HIPAA regulations.
Adopting Antivirus Software
According to the article, it is essential for organizations to have antivirus products installed on their systems. It is also a HIPAA requirement to have such systems in place to avoid harmful infections within the network. Our BA Manager does not have an integrated antivirus scanner; however, it does have a vulnerability scanner that looks at all exploitable vulnerabilities that can cause issues and can be exploited by malware and/or hackers. On top of this, it also looks at configuration problems.
To avoid a possible data breach, it is critical to verify whether devices connecting to a hospital's internal network are, in fact, secure. To do this, proper host checking and monitoring of endpoints' security status is imperative. Hence, our BA Manager's ability to scan for vulnerabilities is very useful, as it scans endpoints for any such issues.
Finally, the article suggests that it is imperative to adopt proper email security software to avoid breaches caused by phishing attacks, like the one in the Anthem breach. Healthcare organizations should employ a robust email security solution in order to avoid such security breaches.
In conclusion, it is becoming clearer and clearer that the healthcare industry needs to reevaluate its expenditure on security defences before another breach occurs. After addressing the aforementioned problems, it is clear how vital it is for the industry to adopt thorough security measures, as well as effective communication, in order to avoid hefty costs and the potential loss of millions of dollars in recovery from data breaches.
Our Solutions For Better Healthcare Security
At PolicyMedical, we strive to keep up to date with the news in healthcare security, especially in terms of compliance, risk, and security. Our offerings, such as the one with Aegify, BA Manager, help our clients stay in touch with their policy and regulatory requirements so as to keep themselves from violating any requirements, such as the ones proposed by HIPAA. Upon reviewing our offerings, you may find that they are exactly the kind of solutions your facility requires, or you may find that another vendor offers a better option. Regardless, we would be more than happy to answer your questions, so please do not hesitate to contact us. Alternatively, you may book a demo to view our applications in live action.