Information Security Today in the Healthcare Sector

By Robin Singh

The post originally appeared on Robin Singh’s Blog, whitecollarinvestigator.com

INTRODUCTION: RISKS AND THREATS TO THE HEALTHCARE INDUSTRY

While digital technology has certainly presented a number of advantages to modern society, it also comes with its own fair share of risks. Each day, cyber threats put our digital identities at risk. With millions of records being exposed in data breaches on an annual basis, there is now special concern given to medical records. While a data breach within the healthcare sector might not involve the same financial effects as one at a Fortune 500 company, the effects can still be quite significant. Stolen healthcare records can result in not only financial loss but also inaccurate medical records that can ultimately lead to a misdiagnosis.

According to a study published by the Ponemon Institute, the number of cyber criminal attacks launched against healthcare organizations has doubled within the past three years. Medical identities have become highly valued commodities on the black market and are now considered even more lucrative than financial identities.

DATA BREACHES BY INDUSTRY: FACTS AND FIGURES

The demand for healthcare records has now reached epic proportions. In 2013, the percentage of data breaches affecting the business sector stood at just over 34 percent, according to a report published in the Boston Globe. By comparison, the banking/credit/financial industry accounted for less than 4 percent of data breaches. The educational and government/military sectors both accounted for about 9 percent of data breaches that year. The sector hit the hardest by data breaches in 2013 was actually the healthcare sector at a whopping 43.8 percent.

SAFEGUARDING PATIENT INFORMATION

While some might argue that controlling costs is one of the most difficult aspects facing the healthcare industry, in reality, safeguarding patient information is not exactly easy. Preventing data breaches involving patient records requires the implementation of a clear strategy. Unfortunately, the healthcare industry has remained largely reactive in the past rather than being proactive. By adopting a proactive strategy that involves taking inventory of and monitoring personal health information, including how it is used and stored along with how it flows through organizations and partners, it becomes possible to determine how and when such information is most likely to be exposed. Additionally, it is important for healthcare organizations to consider how such information can be accessed. The use of best-of-breed access control systems that take into consideration the context of requests along with the identity of the requester is just one way to combat possible theft of medical records.

THE TOP 5 SOFT SPOTS IN THE HEALTHCARE INDUSTRY

As instances of cybercrime continue to mount in the healthcare industry, several areas of vulnerability have emerged.

CONTRACTUAL OBLIGATIONS

Healthcare providers are responsible for ensuring that partners store, manage, and handle healthcare information in a manner that meets all relevant security and privacy responsibilities.

WORKAROUND TEMPTATIONS

Every second counts in the healthcare industry. This can lead healthcare professionals to find workarounds to privacy measures if those measures add time to necessary procedures.

HACKABLE MOBILE APPS

Mobile apps are now an integral part of the healthcare industry. While they provide a faster and easier way to address healthcare challenges, apps can also open the door to potential breaches of sensitive information and healthcare records.

UNPROTECTED EMAIL

Increasingly, healthcare providers request information from patients via portals, yet healthcare information can be easily compromised when patients communicate with healthcare professionals via email.

THE INTERNET OF THINGS

Although Internet of Things devices have received tremendous press for the convenience they provide, they also have serious medical flaws and can result in serious cyber security issues.

The potential consequences associated with failing to pay attention to the need for cyber security in the healthcare industry are simply too grave to ignore. Case in point: South Shore Hospital in Massachusetts agreed to pay $750,000 following allegations that the hospital failed to protect confidential health information involving more than 80,000 patients.
