As if you didn’t have enough on your plate with all that life-saving work you do, small healthcare business owners, the Insurance Journal reports that your patients’ health records can fetch a pretty penny on the black market: about ten times the rate of a stolen credit card, to be exact. This explains why the annual survey by the Ponemon Institute found that cyber attacks on healthcare organizations have risen to 40 percent in 2013 from 20 percent in 2010, a 100 percent increase.
That means, in addition to all the other work demands you must contend with, you also have a pesky target on your back.
Let’s take a look at why health records are so lucrative and what healthcare professionals can do to keep their valuable information away from prying eyes.
Why Healthcare Providers Are Top Prey for Hackers
A healthcare provider’s cyber vulnerability is a perfect storm that involves…
- Outdated systems. For many healthcare professionals, investing in security takes a backseat to investing in the latest medical technology. After all, there’s only so much room in your budget. Unfortunately, this means healthcare providers often forgo firewalls and don’t build encryption into the software that manages electronic patient records or budgets.
- Lax security. Human error is almost always a factor in data breaches. If employees can use their own devices on your health business’s secure network, they could inadvertently download malware that infects your system. A thumb drive with patient records could easily be stolen or lost. And if data on those devices isn’t encrypted, the finder can easily access all that information and sell it off to the highest bidder.
- A wealth of personal information. A single health record includes names, birth dates, policy numbers, diagnosis codes, and billing information. When that information is stolen and sold, fraudsters can use the data file to fake claims with insurers or buy medical equipment or drugs that can be resold. There’s no limit to what a criminal mind can do with someone else’s complete identity and a little imagination. Each record can sell for about $10, and when the criminal has access to thousands of records, the payoff speaks for itself.
To learn more about the risks healthcare businesses face, read, “Allied Health Professionals: Why Your Data Isn't Safe.”
Locking Up Shop: How to Protect Patient Data
You already know that exposing patient data is more than just a headache for your business. Federal HIPAA and HITECH laws demand that you protect confidential health information. The following tips can help you comply:
- Beef up your passwords and change them regularly. Make sure your passwords use letter and number combinations with special characters. And be sure not to use the same password for all your important accounts. Each one should have its own password that is changed every month or so.
- Keep personal devices off your network. The only computers and devices connected to your network should belong to your business. Be sure that employees don’t take these devices home or use them anywhere but on the secure network.
- Encrypt your data. Encrypted data is nearly useless without the encryption key. Though data breaches always cost money to fix, the chance of identity theft decreases dramatically with encrypted records. Be sure you encrypt all patient records, financial data, and passwords. And don’t forget to keep the encryption keys in a separate location.
- Invest in firewalls and antimalware software. Though your budget is probably already stretched thin, know that a data breach will cost you hundreds of thousands in regulatory fines and cleanup costs. That’s why you should ensure your network has a firewall and that your antivirus software is up to date.
- Train employees on how to avoid potential cyber threats. Teach them about malware, spear phishing scams, and other ways hackers try to access secure networks. (You can learn more about that here: “Data Security: When Malware Training Could Save You Thousands.”) Regularly review HIPAA and HITECH laws and compliance issues with your staff, too.
It seems these days, you can never be too careful when it comes to protecting your data. That’s why, in addition to these safe practices, all healthcare businesses should carry Cyber Liability Insurance. This coverage steps in after a breach to help you pay for…
- Notifying affected parties about the breach.
- Implementing credit-monitoring services.
- Repairing your business’s reputation.
- Negotiating with cyber extortionists.
To learn more, check out our post, “4 Reasons Your Business Should Have Cyber Liability Insurance.”