Healthcare professionals are less prepared for a cyber attack than those in any other industry. As reported on the FierceHealthIT website, experts believe that the healthcare industry is more vulnerable to attacks than even the retail or financial services industries. Why? Because more and more healthcare professionals are switching to electronic records without taking the data security measures to keep those records safe.
This news is particularly troubling because, as you well know, healthcare professionals have HIPAA and HITECH laws to contend with. When you violate these regulations, you’re penalized with heavy fines, making a healthcare data breach more expensive than standard breaches. (For more information, check out our other posts on HIPAA data breaches.)
What Do Hackers Want with Health Records Anyway?
Hackers don’t steal information for the fun of it – they steal to make money. The whole point of breaking into a business’s network is to find valuable information (names, credit card numbers, etc.) to sell on the black market. Other criminals then pay for this information in the hopes that they can “steal” someone’s identity to make purchases or pilfer from their bank accounts.
What does this have to do with health records? A complete health record contains information that makes it easier for a criminal to assume the victim’s identity. As FierceHealthIT notes, an average data record can sell for about a buck on the black market. But a medical record with a “complete identity profile” can sell for $500.
In other words, hackers have more incentive to break into a healthcare professional’s network. And many healthcare professionals are making it easy. According to the article…
- 50 percent of healthcare CIOs describe their data security “abilities” as average.
- Many healthcare facilities have leaked their own data.
So what can a healthcare professional do?
How Allied Health Professionals Can Combat Cyber Criminals
How can you make your healthcare business a less desirable target for hackers? Unfortunately, there is no getting rid of your valuable health records. That means you have to do all that you can to protect those records and secure your network. These tips can help:
- Use strong passwords. This means using complex letter-and-number passwords for each account. You should also use a different password for each account.
- Limit access. Only people who need to have access to sensitive information should have access. Remote hackers aren’t the only people stealing businesses’ information. In fact, most data breaches occur because of human error (such as accidentally releasing records) or thieving employees. Don’t forget to make sure employees who have been fired or who have moved on no longer have access to your network.
- Don’t let employees take data home. Sometimes it’s tempting to allow employees to work from home, but you should never allow sensitive information to leave your office. For one thing, you have no control over how secure the employee’s home network is. For another, it’s easy for your business’s thumb drive to pick up malware from an outside computer. For the same reasons, it may also be a good idea to limit the use of personal devices (your employees’ smartphones, tablets, etc.) on your business network.
- Encrypt your data. You should always encrypt data on your network – and keep the encryption keys in a completely separate location. Experts distinguish between a “secure” data breach (one in which data can’t be used because of proper encryption techniques) and an “unsecure” data breach (one in which data can be stolen and used). A data breach still costs money, but one that results in actual identity theft will cost even more.
- Use firewalls and antimalware software. Every network should be protected by a firewall, and your business should use effective, updated antivirus and antimalware protection. Don’t be afraid to contact an IT consultant to help you choose and install this protection. Malware is constantly evolving, so it’s important to have top-level security software.
Unfortunately, there are no guarantees when it comes to data security. You can take all the proper preventative measures and still be breached. That’s why Healthcare Cyber Liability Insurance was invented. It helps you pay for the expenses of your data breach response. This may include reimbursement for lost profits, customer outreach, credit-monitoring services, damage-control marketing campaigns, and more.
To learn more about your insurance options, contact an agent that specializes in healthcare small business insurance at 1-800-688-1984.