Cyberthreats are on the rise, and the healthcare industry is especially vulnerable. Data breaches and ransomware are two of the top threats. TPAs and employers must take precautions to protect healthcare data.
Hackers want your healthcare data. According to Becker’s Hospital Review, patient records can fetch $1,000 on the black market. That explains why hacking incidents were up 25 percent in 2018, with more than 11 million patient records impacted.
Hackers use numerous tactics to gain access to your data.
- They can gain access by exploiting vulnerabilities in your computer systems.
- They may use phishing schemes to trick you into clicking a malicious link that will infect your computer with a virus.
- They may take advantage of human error – for example, when an employee forwards information to the wrong person or leaves a flash drive in a public place.
- Employees or former employees may take advantage of their continued access.
When hackers succeed in accessing your patients’ protected health information, you could face HIPAA fines for failing to prevent it.
- Just this May, a Tennessee diagnostic medical imaging services company agreed to pay $3,000,000 after it was discovered that one of its FTP services allowed uncontrolled access to protected health information and allowed search engines to index this information.
- Also in May 2019, an Indiana company that provides software and electronic medical record services to healthcare providers agreed to pay $100,000 after hackers used a compromised user ID and password to access data.
- Last year, a Colorado hospital agreed to pay $111,400 in fines after it failed to terminate a former employee’s access to electronic protected health information.
Instead of selling data on the dark web, some hackers rely on extortion. By infecting your computer systems with ransomware, they can encrypt your files and hold them hostage unless you agree to pay a large sum of money. This threat has not faded since the WannaCry attack made headlines in 2017. If anything, it’s gotten worse, especially for the healthcare industry.
According to HealthITSecurity, at least five healthcare companies fell victim to ransomware in the span of a week this June. One company paid $75,000 to regain files, a process that took three days.
Your Security Checklist
- Keep computer systems updated to prevent and eliminate vulnerabilities. Security patches don’t help if you don’t install them.
- Use a secured Wi-Fi network, antivirus software and firewall protection.
- Back up data to an external hard drive. This will allow you to recover data in case it is destroyed by malicious software.
- Train all employees on data safety. This includes training on laws regarding protected health information, keeping a close eye on portable devices and recognizing suspicious links.
- Use strong passwords (no default settings or obvious choices like “passw0rd”) and encryption to protect healthcare data. If data or equipment falls into the wrong hands, this will be your last line of defense.
- Make sure former employees no longer have access. Change passwords when employees quit or are terminated.
- Work with partners who take cyber security seriously. At Travisoft we make sure to exceed best practices and key compliance regulations to keep your data safe, while you grow your business.