In Part 1 of this blog, I discussed 2 key reasons why we should expect a rise in the number of healthcare data breaches:
No. 1 The rise of the Digital Health Economy
No. 2 The digitization of healthcare
Now let's look at other reasons why we will see this problem grow.
Reason No. 3 Linens & Things – the New Business Associate
It doesn’t stop with Digital Health companies. Remember that Electronic Health Record system that the providers invested so much in? Now that all their patient data is in electronic format, it is less efficient to deliver this information manually to their linen services provider, their transport services company or their janitorial services vendor. They want those vendors to plug in and receive information electronically. The linen services company needs to know what conditions are being treated in a particular room or facility; the transport services company needs medication instructions for a particular patient; the janitorial services vendor may need to know what medical waste to dispose of. This means these vendors have online access to sensitive health information! And as a result, these companies are likely to be business associates subject to regulations such as HIPAA and not even know it. Are they even thinking about how to properly secure the data? Most of them have never had to worry about protecting private health data.
Reason No. 4 The value of health data
We all instinctively protect our financial data and happily subject ourselves to security questions, withdrawal limits, PIN codes and fraud-protection alerts. We know what we need to do in order to prevent others from getting their hands on our hard-earned cash. But how many of us read, let alone question, that HIPAA disclaimer we sign when handing over our most sensitive health information to our doctor’s office? It is estimated that health records are 10 to 50 times more valuable than our financial data. Because financial institutions have implemented multiple controls to limit exposure if your financial identity is compromised, criminals see healthcare as a soft target. Last year, in a breach at Children’s National Medical Center, up to 18,000 records were believed to have been compromised. A recent lawsuit filed by one of the victims stated that in addition to personal health data, information including social security numbers, addresses, birth dates and telephone numbers was stolen. This makes it a significantly richer data set than financial data alone.
The digital healthcare revolution is exciting for both patients and the organizations that serve them. New applications and tools mean better services for patients and more efficient operations for healthcare providers. And as with all revolutions, there is a price to be paid! There is now a growing, valuable data set that is increasingly in the hands of smaller, less well-resourced companies. And this data is sought by an increasingly motivated criminal set! These companies must be responsible and implement robust security and compliance programs. Will we look back at 2015 as the year of the data breach? Or will it be the start of a new paradigm in data security and compliance?
To learn more about IT Security and Compliance and how your company measures up with best practices, take a free online High Level Assessment.
Not sure where to start?
The NIST Guide can help. We can also provide you with a free copy of Ostendio’s password policy, as an example. Just contact us at firstname.lastname@example.org.