Per a recent survey done by Accenture, trust in health care providers and their ability to keep consumer personal and sensitive data secure is supposedly high at 88%. However, when you look closer at the survey, 53% trust them only ‘somewhat’ and only 36% trust them a great deal. Since ‘somewhat’ is defined as ‘to a small degree’ in the Word Book dictionary, I wouldn’t call that high trust. And these people have good reason not to fully trust health care providers to keep their sensitive information perfectly safe: per the same report, more than 25% of U.S. consumers have experienced a healthcare security breach, and half of those people have fallen victim to medical identity theft as a direct result of such a breach.
2016 was a particularly bad year for healthcare security, with breaches affecting more than 16 million Americans. Unfortunately, 2017 is not looking any more promising. Surprisingly, only 26% of companies that experienced a breach have added new security protocols as a result, and only 22% have taken action to explain how future security breaches would be prevented. Additionally, per this year’s Healthcare Data Security Report, 40% of the breaches last year were due to unauthorized disclosure of information, either by accident or through deliberate acts by healthcare employees. The remaining 60% were hacking incidents, loss, and theft. Given that external sharing is becoming easier and information is now being stored in the cloud and through mobile apps, the security risk could, unfortunately, become even higher.
What you can do to protect your patients and organization
It is always more beneficial to stay proactive and work on security measures before any disaster strikes. The Department of Health and Human Services provides some guidelines which can be used when building a security threat assessment checklist to make sure all areas are considered and you’re protected. This includes protecting your computer and mobile devices, using anti-virus software as well as a firewall, creating strong passwords and changing them frequently, controlling physical access, as well as limiting network access.
But even if you implement the best security system out there, errors or mistakes often begin with the users of the system. Thus, one of the main protocols any health care provider must instill in the organization is proper education of the employees in this subject matter. Not being lax about responsibility and accountability is a must when it comes to the security of such sensitive patient information. Having your employees not only know but practice the procedures on a regular basis should be part of your checklist.
Preparing for a possible breach is a good way to stay on top of your security measures, instead of hoping that it won’t happen to your organization. For instance, having an automated and secure back-up system should be on your priority list.
Considering the importance of the issue you’re faced with as part of the health care community, it is advisable to hire a professional before you’re faced with a security breach. If you’re prepared, it’s unlikely you will be faced with disaster.
At Massive Alliance we have dealt with insider violations, unsecured transfer of data between clinics and hospitals, leaks of sensitive patient data, exploitation of healthcare devices, patient records sold on black markets, online healthcare payment scams, phishing, and email scams.
Detecting these crimes, however, is not enough. Our Cyber Task Force works with you to detect impending threats and shut them down before they reach system end positions.
We are also very familiar with regulatory guidelines set forth by HIPAA (Health Insurance Portability and Accountability Act) and FISMA (Federal Information Security Management Act) and can ensure full compliance. Our security threat assessment can detect hidden sources of threat and ultimately save you the hefty penalties that go along with a security breach.