September 5, 2017
Webinar Series: Purple Teaming - Validating Detection & Response Capabilities
Healthcare data theft totaled more than 112 million records in 2015, according to the Office of Civil Rights. Moreover, 42.5 percent of all data breaches have occurred in the healthcare industry in the last three years, and 91 percent of healthcare organizations have reported at least one breach in the last two years. Hackers, unauthorized access from staff, improper disposal, data loss — all of these factors contributed to large-scale data breaches in hospitals and medical facilities across the United States. Now, more IT managers and administrators are investing in cybersecurity to safeguard patient data.
Did you know that medical records are more valuable to hackers than other types of data? Research suggests that just one medical record with personal details can sell for $60 or more on the dark web — $45 more than a social security number.
Once someone has access to the information in a medical record, they could steal a patient's identity. This is becoming a huge problem in the U.S. — more than 15 million Americans have their identity stolen every year.
Medical records are often easier to hack than bank accounts. Several hospital computer networks in the U.S. have been hit by malware, causing IT administrators to amp up their security. This is also a global issue. In 2017, part of Britain's National Health Service (NHS) was subject to a WannaCry ransomware attack. Many infected computers were running old, unsupported versions of Microsoft Windows, leaving hospitals vulnerable to malware.
A data breach in the healthcare sector has a snowball effect. Hackers steal valuable patient data — think names, passwords, addresses — and use these to gain access to financial services like online banking and credit card accounts. They can also gain access to policy numbers, billing details and diagnosis codes — all of which can be sold on the black market and used by fraudsters.
There are a number of ways you can improve cybersecurity, however.
One person should be responsible for cybersecurity within a hospital or medical facility. This IT manager or Chief Information Security Officer has responsibility to protects patient data by using the latest security solutions, updating and installing security patches, and keeping up-to-date with the latest safety recommendations from the vendors and other trusted sources.
The average cost of a medical record in a healthcare data breach is $402, according to the Ponemon Institute — twice the amount of a stolen record in the retail sector. This is why you should prepare for the worst-case scenario — a large-scale data breach — and create a cybersecurity plan that really works. You should know how to mitigate damage in the event of a breach and when to notify patients, for example.
Federal and state laws are murky when it comes to security threats. The Health Insurance Portability and Accountability Act (HIPAA) stipulates standards to protect personal health information, but these are complex and confusing. You should, therefore, engage with security and HIPAA experts to improve your compliance procedures and protect medical records.
Threat detection and endpoint protection technology safeguards your computer networks and managed devices and prevents malware from infecting your systems. Look for solutions that limits data loss and protects your computer infrastructure, including desktops, laptops, smartphones and wireless devices.
Other security tips include using next generation anti-virus solutions, installing a firewall, changing your passwords frequently and enlisting the services of a managed security services provider.
IT security has become a major concern for medical professionals. As valuable patient data is exchanged online, you need to streamline your cybersecurity protocols. This way, you can improve compliance with federal and state legislation, detect critical threats and mitigate damage after a security breach.
Security news, tips, webinars, and more straight to your inbox.
