In the event that a patient database is hacked, sensitive information such as Social Security numbers and insurance documents can fall into the wrong hands.
Healthcare Hacks in 2016
Despite the wide range of security options available to healthcare facilities, data breaches are still all too common.
- In April 2016, the company 21st Century Oncology made headlines when it announced a breach. A cybercriminal entered the company’s database and gained access to roughly 2.2 million past and present patients’ information.
- In August 2016, Banner Health reported a hacking incident in which attackers gained access to computers with process payment card data. Once the hack was discovered, about 3.7 million people were informed that if they had used payment cards at Banner locations between June 23 and July 7, their information may have fallen into the wrong hands.
- In the same month as the Banner Health Breach, Newkirk Products, a company that supplies identification cards to health insurers, announced that it had been hacked. In turn, the personal information of about 3.3 million people was made public.
In these instances, each company took steps to identify how the breaches happened, as well as how they were going to move forward. The Federal Trade Commission was alerted of 21st Century Oncology’s hack and worked with the company to identify and inform affected patients. The company also offered free credit protection services for up to one year. Banner stated that it was hiring a forensics firm to block the cyberattackers and offered patients a free one-year membership to monitoring services. Similarly, Newkirk offered free identity protection services to affected individuals of its security breach for up to two years.
Although these companies did inform any affected individuals and took steps to prevent and protect against future attacks, these data breaches could and should have been prevented.
How to Protect Patient Data
Measures such as credit monitoring services can help patients before and after a cyberattack occurs, but healthcare professionals should be working together to prevent these hacks in the first place.
To start, it’s important to recognize that the Health Insurance Portability and Accountability Act (HIPAA) requires all U.S. healthcare workers to properly protect patients’ health information.
Privacy advisor Joe Ross of The International Association of Privacy Professionals says facilities can begin by taking an enterprise-wide approach. This means educating every staff member, regardless of the department in which they, on the importance of data security. It may also be worthwhile to restrict data access to certain users, reducing the overall risk of information accidentally falling into the wrong hands.
The possibility for low-tech data breaches should be taken into consideration, according to Dr. Luci Belnick:
Healthcare facility leaders can further protect data by ensuring that security measures are always in place. About 90 percent of the top 10 breaches that occurred in 2015 were the result of hacking or an IT incident, according to Forbes. Approximately 38 percent were because of “unauthorized access/disclosure,” and 29 percent were categorized as “theft.” Frequent, routine checks and testing can identify any flaws in the security system. Furthermore, they may be able to prevent costly breaches.
By taking some of these preventive measures into consideration, healthcare employees can enhance the security of their patients’ data and maintain the reputation of their organizations. As technology continues to develop and improve, it may become easier to access patient data for providers and hackers, making protecting this sensitive information a high priority.
Krystle Vermes is a professional writer and blogger with a background in both online and print journalism. When she isn’t freelance reporting in the healthcare, pharmaceutical, and technology fields, she’s running her paranormal blog, GetSpooked.net, and hosting the “All Day Paranormal” podcast. Krystle is a graduate of Suffolk University and holds a bachelor’s degree in print journalism.Krystle Vermes, Professional writer and blogger