These Healthcare Industry Weaknesses Can Lead to Data Breaches
April 26, 2018

Data breaches continue to impact millions of patients and health plan members, and in just the first quarter of 2018 about 1 million individuals had their protected health information exposed. The first month of the year saw the largest data breach incident reported to the HHS Office for Civil Rights. The hacking incident may have affected 280,000 records.

In the table below, for this first quarter alone, the top 10 covered entities by number of individuals affected by a breach incident already total 802K.

The worrying rise in successful data breaches against healthcare organizations continues to be a wake-up call to the healthcare sector as organizations struggle to protect themselves and address their vulnerabilities to these cyber attacks.

We have listed some of the healthcare industry's top weaknesses when it comes to these data breaches:

  1. NOT Keeping your IT systems (i.e., software and firmware) updated.

Hackers look for easy targets and follow the path of least resistance. Health organizations have the power to stop these hackers from evading security processes and stealing or altering the organizations' financial or patient data. Performing these updates delivers a set of revisions to your computer, such as adding new features, removing obsolete features, updating drivers, delivering bug fixes and, most essentially, fixing security holes that have been revealed.

  2. NOT Strengthening your organization's Physical Security or Safeguards.

In our previous blog post, we discussed conducting Physical Security Walkthroughs. This is one of the least checked areas of security. Nowadays, building control systems in large facilities are becoming digital or internet-protocol (IP) enabled. The key components of a building management system (BMS) include building automation systems (BASs), fire alarm systems (FASs), physical access control systems (PACs), closed-circuit television (CCTV), utility meters and more. Given the sensitive nature of the data stored on your physical security system and the magnitude of the risks associated with unauthorized access, a health organization cannot afford to ignore such threats. Ensuring that these Physical Safeguards exist, testing them, and reviewing and updating them is just one of the ways you can truly prevent data breach incidents.

  3. NOT Cultivating a Culture of Cybersecurity within your Organization.

Making information security considerations a vital part of every staff member's and manager's job, habits and conduct, and embedding them in daily tasks, can tremendously help mitigate data breach incidents. Remember that the majority of data breaches within organizations are the result of human factors. It is about time for each member of the organization to treat cybersecurity policies not only as guidelines but as rules. A change of mindset is warranted, one that fosters security awareness and risk perception in each member of the organizational hierarchy.

Addressing these vulnerabilities empowers everyone in the health organization. When a health organization is better equipped, it is in a better position to defend itself against these attacks and, consequently, to address compliance with HIPAA laws as well.