3 Ways to Remove the Risk of a Healthcare Data Breach
Data breaches are becoming all too common these days. It’s difficult to read the news without seeing yet another account of a major institution suffering from intrusions by computer criminals. Each such incident should serve as a reminder to shore up our own data stores.
Of course, no system will be 100% foolproof, but when you own or manage a medical organization, it’s your duty to ensure that you are doing everything possible to secure the healthcare data that you maintain on each patient (within reason and by following current best practices).
Consider that about 89% of healthcare organizations were victims of data breaches during the past two years, according to a recent report from Infosecurity Magazine citing statistics from the 6th Annual Benchmark Study on Privacy and Security of Healthcare Data that Ponemon Institute carried out with sponsorship from ID Experts.
Some 79% of healthcare organizations were attacked two or more times during the previous two years, representing an increase of 20% from 2010. Furthermore, the cost of healthcare data breaches reaches $6.2 billion a year, noted the study. With such sobering statistics, you’ll want to eliminate the risk of a healthcare data breach in your own organization. Here are three ways to remove this risk.
1. Hire the Best People and Train them in Best Practices
Task your HR department with double-checking the CV of each applicant, and make an effort to run a more intensive background check on employees who will have access to, as well as control over, the sensitive data that you gather and maintain in your system.
Hiring the right people is just the first step. Arrange enough time and resources to train each new employee on the fundamentals of data security. If you have staffers who haven’t had a refresher course on security in some time now, it would be a good idea to arrange new training for them as well.
They must become aware of how criminal hackers might try to “social engineer” them (use leading tactics to draw information out of unsuspecting employees, which can then be used to commit data theft).
Trustworthy employees are your first line of defense against intrusions, but they will only be as effective as the training you provide them. This is not a time to skimp on education.
2. Keep Your Healthcare Software Up-to-date
Using outdated software, particularly in an industry where information security is mandated by the government, is a disaster waiting to happen. HIPAA (Health Insurance Portability and Accountability Act) provisions require medical organizations to take pains to secure the data they gather.
Your software provider should issue an immediate fix whenever a security issue is discovered. This is why it pays to go with a vendor that has a proven track record in the industry and is known for its attention to security matters.
3. Hire Professionals to Conduct a Security Audit
A complicated system, especially when legacy software is involved, can be difficult to evaluate and may be beyond the means of your internal IT department. This might very well be the time for your organization to hire security professionals. Have them come to perform an unannounced security audit (to catch your team off guard and reveal weaknesses in the system).
Mounting healthcare data breaches and the major problems associated with the exposure of this sensitive information are obviously to be avoided at all costs. Making sure that you’ve taken proper steps to ensure the security of the information you collect and store on each patient should be of paramount importance to you and your staff.
Remember that you have to do your part by verifying that your healthcare software is always updated in the face of emerging security breaches.
- The odds are against your medical organization when it comes to healthcare data breaches, with 89% of survey respondents saying they were breached during the last two years.
- It’s crucial to vet the people you hire and then train them to protect the security of your healthcare data.
- Always upgrade to the latest version of your healthcare software.
- Your IT department should continuously monitor your organization’s computer network to guard against intrusions.
- In many cases, a security audit of your computer systems will help enormously and let you spot deficiencies that you can correct immediately.
About Stephen O'Connor
As a Director of Digital Marketing at Advanced Data Systems Corporation, Stephen spends his days planning, writing, & designing resources for the modern healthcare professional. He has a strong affinity for snow crab legs, the ocean, and Rutgers Football.