Healthcare providers are busy practicing medicine and treating patients; however, the information networks that contain patients’ protected health information could be under attack.
According to a Healthcare Cyberthreat Report, “researchers found evidence that 375 different healthcare networks had been compromised by attackers.” Article. “We were shocked at [the number of] devices that were wide open to the Internet that would provide adversaries with considerable power and access not only for a breach, but — for those who are skilled — even to conduct malicious acts.”
This report should be a wake up call to many healthcare providers.
1. Healthcare Providers Are Attractive Targets: “The report found that the most frequently compromised types of health organizations were healthcare providers (in 72% of cases’)”
2. IT Actions and Inactions Have Serious Consequences: “Many healthcare networks also appear to be using devices for which the default — and publicly known — admin usernames haven’t been changed. In other cases, security administrators have failed to give each device a unique password.”
3. The Government Is Enforcing Monetary Penalties: “For healthcare organizations, of course, failing to properly secure patient data opens them up to HIPAA fines and enforcement actions. In 2013, according to Filkins at SANS, individual HIPAA fines started at $150,000 and peaked with the $1.7 million fine against WellPoint for failing to protect information on more than 600,000 patients, which was left easily accessible via the Internet. Despite the threat of such fines, 18 years after HIPAA was passed, and with the White House itself struggling to make the HealthCare.gov insurance portal secure, the SANS study suggests that many organizations that touch patient data still aren’t taking the health of their IT infrastructure seriously.”
Healthcare providers access and obtain all of the juicy information hackers are looking for–name, date of birth, address, phone number, email addresses, social security numbers, relatives’ information, credit card numbers, etc.–which make them a treasure trove of ideal information. As a result, health care providers need to work with legal counsel to make sure the practice–and data–are protected.
If your organization needs assistance with protecting its data – we can help. For assistance CLICK HERE.
Get “News You Can Use” delivered directly to your e-mail inbox. Click here to Subscribe.