Health Care and Data Breaches

Your Best Health Care: Health Care and Data Breaches

Health Care and Data Breaches

This blog post is my 500th article!!! 


One of the
most critical issues in the healthcare field today, for medical providers and
facilities and for consumers, is the breach of personal health care
information. The theft of personal medical records is big money on the black
market, and ID theft due to that crime is rampant.
According
to Modern Healthcare magazine,
2016 is being deemed the “year of data security” in healthcare—if
only because 2015 was a substantial wake-up call for the industry. Nearly 90
percent of healthcare providers have been hit by data breaches in the last two
years, according to security research firm Ponemon Institute, with many
large-scale and criminally driven attacks publicized in 2015. More details are
located at this website: http://www.modernhealthcare.com/article/20160227/SPONSORED/160229900/2016-the-year-of-data-security
HIT
Consultant reports that one in three Americans were victims of
healthcare data breaches in 2015, attributed to a series of large-scale attacks
that each affected more than 10 million individuals. These and other statistics
are contained in Bitglass’ 2016 Healthcare Breach Report.
Among the
most significant findings of the report was that in 2015, 98 percent of record
leaks were due to large-scale breaches targeting the healthcare industry. These
high-profile attacks were the largest source of healthcare data loss and
indicate that cyber attackers are increasingly targeting medical data.
According to Health IT Security, 80 percent of organizations handling sensitive
information report concern for large-scale data breaches, based on a survey
conducted by Advisen. This survey included organizations from several different
industries, but the most highly represented industry was healthcare, comprising
22 percent of the respondent sample.
Forbes
Magazine reported that 2015 was the worst year yet for data breaches. The
online mechanism for the Office of Civil Rights (OCR) under Health and Human
Services publishes data breaches as reported to them and required by HIPAA. The
numbers last year are just staggering:
·        
According to OCR, there were 253 healthcare breaches that
affected 500 individuals or more with a combined loss of over 112 million
records.
·        
The top 10 data breaches alone accounted for just over
111 million records that were lost, stolen or inappropriately disclosed.
·        
The top six breaches affected at least 1 million
individuals–and four of the six were Blue Cross Blue Shield organizations.
While
HIPAA is the legislation (passed in 1996) designed to protect patients against
loss, theft or disclosure of their sensitive medical information, the fines and
penalties don’t appear to be having a discernible effect on either patient
privacy or data security.
A recent
data breach study estimates that breaches cost the healthcare industry about
$5.6 billion annually. As healthcare moves toward connected care, the amount of
data exchanged between organizations is only going to grow. So what does this
mean? It means that in 2016, the healthcare industry is going to see a huge
movement towards encryption in hospitals and other healthcare facilities in
order to protect EHRs (electronic health records) and other vulnerable PHI
(Personal Health Information). More detailed material is located at this website:
http://www.forbes.com/sites/danmunro/2015/12/31/data-breaches-in-healthcare-total-over-112-million-records-in-2015/#3f9cb33b7fd5
.
Oddly
enough, however, according to Health IT Security, the first few months into
2016 are showing a slightly different trend, with results from the Department
of Health and Human Services (HHS) indicating that stolen devices and improper
disposal are the top threats currently facing the industry. Patient names,
addresses, phone numbers, Social Security numbers, dates of birth, health
insurance numbers, other medical status and assessment information as well as
some financial information have been exposed with these incidents.
According
to IT Business Edge, a big part of the problem is that security organizations
are still focused on preventative security — looking for a silver bullet that
will keep an attacker out of their networks in the first place. Despite a
Gartner recommendation that organizations shift security efforts toward the
detection of network intruders and the emergence of promising new behavioral
analytic tools and security strategies, well under 1 percent of enterprises
have the ability to find a post-intrusion network attacker. Cyber criminals
continue to have the potential for unimpeded, long-term success. More info is
located at this site: http://www.itbusinessedge.com/slideshows/2016-security-trends-whats-next-for-data-breaches-06.html
.
Hospitals, health systems, payers and any organization
with stewardship of healthcare data are prime targets for cyberattacks,
according to Becker’s Hospital Review (BHR). And there are plenty of cautionary
tales showing just how much damage hackers can do. While no healthcare
organization will ever be completely invulnerable to such attacks, they can
learn from others’ mistakes.
Here are four lessons, according to BHR, healthcare
providers can consider when thinking about data breach prevention and
preparedness:
1.    Don’t fall prey to known
vulnerabilities
.
2.   
Utilize experience-based training.
3.   
Consider a third party for security audits.
4.   
Create a contingency plan.
Businesses, especially in the healthcare field, must
always make every effort to protect patient information. That is their
responsibility, and they can be held civilly responsible, and criminally responsible
if there is a proven negligent act.
As
a consumer, you may receive a letter or an email informing you that your
personal information may have gotten into the wrong hands as a result of a data
breach.  Perhaps a media report alerted you to a security breach at a
company where you do business.
Regardless
of the type of data breach, medical information is more difficult to recover,
manage, and restore, especially for consumers. According to Privacy Rights
Clearinghouse, there are helpful tips on what to do if a breach has occurred.
Much more detail is located at this website: https://www.privacyrights.org/how-to-deal-security-breach
.
Always be
diligent to monitor your healthcare information. Take steps to protect your
personal data, and never provide your information to businesses that have no
protection or privacy capabilities in place. Always ask who will see your
information, and request a copy of their privacy policies. If you discover that
a breach has occurred, take quick action to reduce the exposure and limit the
damage that can be done. It’s your life. Keep it secret. Keep it safe.

Until next
time. 

Leave a Reply

Your email address will not be published. Required fields are marked *