Healthcare Data Breaches on the Rise – and Healthcare Data Remains at Risk
If you had to guess what kind of data is most likely to be stolen, what might be at the top of your list? On one hand, identity thieves may prefer social security numbers they can sell to others – and in turn used to rack up charges on fraudulently obtained credit cards. Others may want to collect passwords and logins to steal valuable corporate secrets.
For a certain set of data thieves, the most valuable type of data to steal is personal healthcare information. Hospitals and healthcare systems have increasingly been the target of attacks, and one report found that over 15 million patient records were breached during 503 attacks in 2018. Unlike thieves who want to steal for immediate personal financial gain or to gain an illegal competitive edge, industry observers point to stolen healthcare data as a valuable tool for foreign governments who may want to use the data they steal to blackmail individuals.
Unfortunately, many healthcare facilities remain unprepared to keep data breaches at bay. An assessment of 600 hospitals found that 28% are not compliant with HIPAA Security Rule. Additionally, the report also found that most organizations were underprepared with respect to threat detection, one of the four pillars of NIST CSF security protocols.
Personal Health Information can be stolen or illegally accessed in a number of different ways. Sometimes hackers use phishing attacks targeted at unsuspecting employees. Other times healthcare facility employees will access information on family members. A third area is how secure data is when it is stored.
If you’re running a healthcare facility, storing personal health information in the public cloud, and are unsure whether your data is being stored as safely as it could be, you may want to evaluate whether your data is meeting safety and security standards by asking yourself these questions:
- Are your hybrid cloud service providers compliant with HIPAA security rules?
- Have your hybrid cloud service providers obtained additional security protocols, such as SOC 2 Type II certification?
- Is your environment monitored 24/7/365 by a team of experienced hybrid cloud security professionals?
- Has your hybrid cloud service provider recently undergone penetration testing to evaluate its security?
If you answer “no” to any of these questions, your patient information could be at risk of being stolen. If you would like to address data security at your healthcare facility, your next step may be to talk with a team member at IPR. Not only is the IPR regulatory-enforced cloud compliant with both HIPAA and SOC 2 Type II protocols, but our team of experts also has decades of experience in keeping data safe.
To speak with a team member about how we can reduce the chances of your patients’ personal healthcare being stolen, email us today.