Information thieves love health data– and they’re gunning for it again this year.
Knowing how to prevent data breaches in healthcare is increasingly critical. This year’s Data Breach Industry Forecast by Experian has predicted that healthcare will continue to be the most targeted sector. Thieves want healthcare data because it is worth a lot – each chart on an electronic health record (EHR) can sell for up to $50 each on the dark web, while a stolen credit card number might go for just $1 each.
Health information is also easy to exploit. Last year, the healthcare industry accounted for 88% of all ransomware attacks in the U.S. Because patient care is in jeopardy during a ransomware attack, ransoms are usually paid.
The 2016 Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data by Ponemon showed that over the past two years the average cost of a data breach was more than $2.2 million. Nearly 90% of healthcare organizations in the study had a data breach in the past two years; nearly half had more than five.
Here's how to prevent data breaches in healthcare:
- Increase the cyber security budget. Protect patient data with advanced network security that can detect indicators of compromise and quickly respond before an attack starts.
- Conduct a HIPAA and HITECH security risk analysis. Healthcare providers must submit their systems to an annual security evaluation. The analysis will show potential threats to IT systems, and this is an opportunity to improve security too. Here’s what organizations need to know about healthcare compliance.
- Improve network security. Use the most up-to-date security measures, and vet partners and third parties to make sure they all have the proper information security in place too. “It only takes one compromised or outdated system to lead to exposure,” said one security expert.
- Separate patient information. Create dual wireless networks in facilities so there is one protected network for patient privacy and another for the public and others.
- Provide on-going employee training: All employees should understand data security best practices in the workplace. Use training to teach individuals to protect their own health records too. Never give out information unnecessarily especially on social media websites (posting upcoming medical procedures can help criminals create an exploitable profile). Also, don’t share health cards. Almost half of medical identity theft occurs when a family member or friend uses someone’s health insurance card to see a doctor, get prescriptions or medical equipment, or file a false claim.
- Securely destroy confidential information. All confidential health information must be securely destroyed when it is no longer needed. A workplace should partner with a document destruction company that provides locked consoles and secure on- or off-site shredding. To securely destroy electronic data, ask about the company’s hard drive and e-media destruction services too.
Start Protecting Your Business
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.