When you visit the hospital, doctor’s office, or healthcare clinic, you expect to have doctor-patient confidentiality, and feel safe giving your symptoms to your physician, right? Well, shouldn’t the medical and personal information they have on file for you be kept equally (if not more so) confidential? Unfortunately, that is not the case in today’s world of data breaches, ransomware, and hacking.
The Health Insurance Portability and Accountability Act (more commonly known as HIPAA) came to be in 1996. The intention of the legislation was, and still is, to safeguard medical information and data through security provisions. It specifies how Personally Identifiable Information is protected. While it has made great strides to protect patients’ medical data and keep healthcare providers in compliance, improvements are still being made to catch up to the reality of the healthcare industry being at the top of the list for hackers.
Why Hackers Want Your Medical Records
So, why are hackers so eager to gain access to your medical records and personal information? Well, unfortunately, this data can have a huge payoff, and its theft typically goes unnoticed for longer than other thefts. The information taken from health records can be used for fraud, or in larger hacking schemes in which attackers use malware specifically on those patients whose information has been stolen.
In a blog earlier this year, we wrote about Healthcare Data Breaches in 2018, and how it has been a rough year for this industry. Since that blog, additional healthcare breaches have occurred, including the Atrium Health breach that exposed 2.65 MILLION patients’ records, and the bad news didn’t stop there. During that breach, which took place from September 22 to September 29, 2018, approximately 700,000 Social Security numbers were also revealed. This left nearly 1 million people at high risk for identity theft. Typically, the targets in healthcare are easier than those in other industries, and the risk/reward factor is better for these criminals, which is why the industry is such a huge target.
What are Victims Doing to Fight Back?
For the first time ever, a multistate healthcare data breach lawsuit is happening. 12 states (Arizona, Arkansas, Florida, Indiana, Iowa, Kansas, Kentucky, Louisiana, Minnesota, Nebraska, North Carolina and Wisconsin) have joined forces to file a HIPAA-related lawsuit against 4 healthcare companies that they believe failed to ensure proper systems were in place to protect patients’ information. Minnesota Attorney General Lori Swanson said, “Patients expect health companies to protect the privacy of their electronic health records. This company did not do so.” What is great about this lawsuit is the attention it brings to the seriousness of HIPAA compliance, and the seriousness of those who strive to enforce the legislation. It also proves that healthcare providers need to take their job of protecting their patients’ privacy seriously; if that means creating stricter protocols and hiring a third-party provider to ensure compliance, then so be it. As our world continues to digitize, the healthcare industry will need to remain current in its security. Having even one patient’s information uncovered is too many, and this year alone, millions have been exposed.
How Can Healthcare Providers Be Better Protected?
Healthcare providers care about their patients; there’s no question there. But the simple fact is that, according to a study conducted by two physicians at the Massachusetts General Hospital Center for Quantitative Health, healthcare data breaches increased by 70% between 2010 and 2017. This means that hackers figured out how valuable health data is before the providers did something about securing that data (in most cases). The healthcare industry has also seen a number of unintentional data breaches (like employee mistakes) that are typically caused by a lack of training.
That is where the first action for healthcare providers comes in: employee training. Ensuring that employees are trained on how to appropriately handle private information is critical to safeguarding data. Additionally, the healthcare industry needs to invest in its IT. Currently, only 3% of its revenue is being used on technology budgets, which means that a lot of healthcare providers likely don’t have a comprehensive disaster recovery solution. This needs to change. For patients to remain protected, providers need to take action to protect them. With reputable cloud computing from a HIPAA-compliant disaster recovery as a service (DRaaS) provider, healthcare organizations have a much better chance of defending themselves from a data breach. Reputable and compliant are the keywords there, because, as many healthcare organizations have learned (the hard way), some of the public cloud giants can make it nearly impossible to remain compliant. With HIPAA regulations becoming stricter, it is critical to partner with a provider that you know will take on those responsibilities for you.
Want to learn more about data protection and disaster recovery for your healthcare organization? Contact the IT experts at DSM, Florida’s predictable cloud provider. DSM’s H-Cloud is designed for the healthcare sector to protect patients and valuable data in today’s world.