2015 is the year that healthcare gets hacked, repeatedly and it will only get worse. This blog post will cover some of the reasons why healthcare is such a prime target for hackers and what can healthcare providers to protect themselves and their patients.
In the past everyone was shock to learn of hacks to major retailers like Target and Home Depot. However, this year hackers are going after the healthcare industry. Traditionally healthcare information is stolen by physical means, someone stealing a laptop or USB drive.
Now it is not uncommon for hackers to cripple a system via phishing, trojan viruses, malware, cookies, and other type of cyber attacks. Already this year we have seen hacks of major healthcare entities such as Anthem and Premera. Both of these attacks combined affected more than 90 million people. That is almost 30 percent of the entire United States population!
There are several reasons why healthcare is such an attractive target for hackers. For one, healthcare contains a treasure trove of data. Data such as your medical profile, social security number, contact information, family information, credit card numbers, and health insurance information are all stored with your healthcare providers. With this kind of information, cyber criminals can use it to purchase medical equipment, controlled substances, commit insurance fraud, and much more. Unlike credit card numbers, healthcare data is much more valuable to hackers on the black market.
The FBI believes that cyber criminals are getting at least $20 per healthcare credentials on the black market, as compared to $1 to $2 per credit card number.
What makes it more troubling is the private nature of healthcare information, once leaked it is extremely difficult, if not impossible to fix or change. Can you imagine how hard it would be to change your social security number? Healthcare is slowly making the movement towards the digital information age with EMR and EHR implementation. This movement will no doubt streamline healthcare operations and administration. However, having everyone's medical information in a digital format makes it a much more enticing target for hackers. There are some healthcare system that sill relies on legacy systems, some of which have not kept up to date with current cybersecurity threats. With all of these factors combined, what are healthcare providers suppose to do to stay HIPAA compliant and protect themselves against cyber threats?
Paubox has the following suggestions.
1. Do a thorough system assessment for any vulnerabilities- whenever an organization adds new software or devices, there are bound to be flaws. Performing a thorough assessment of your IT system will ensure that you are up to date with HIPAA regulations.
2. Consider encryption- in this age of information, you need to encrypt all of your work devices and communications. There are some free software on the web that you can download to encrypt your hard drive, and for mac users there is a standard hard drive encryption application that comes with every mac device. Additionally, healthcare providers must consider encrypting their emails. Email is a key foundation for any business, ensuring that your email communication is secure is just best practice.
3. Cloud solutions-having a cloud solution, such as cloud storage enables your organization to increase efficiency and save on cost since there is no software or hardware to install. Security assessments can be done in real time with the cloud, further saving you time and money. Healthcare information is vital and with the repeated threats of cyber attacks, everyone must be proactive to ensure that healthcare information stays secure.