National Cyber Security Awareness Month is here! Started by the US Department of Homeland Security and the National Cyber Security Alliance 13 years ago, it's a collaborative effort between government and the companies protecting patient privacy to ensure that all Americans have the necessary resources and knowledge to stay secure online. See the full calendar of events here.
Throughout the month, we will share health cybersecurity tips to help ensure that every hospital is properly protecting ePHI.
The Role of Cyber Security in Healthcare
Cyber security has evolved into an increasingly-newsworthy topic in the past few years, with both 2016 Presidential candidates recognizing the issue as a top threat to national security during the first of this season's presidential debates. Industries that rely on vast amounts of individuals’ personal data (e.g., finance, retail, government, technology, defense and healthcare) need to be especially cognizant of cyber threats.
Cyber security is a relatively new concept in healthcare. Fifteen years ago healthcare leaders didn’t need to give much thought to this issue because patient data was stored on paper. However, the advent of electronic health record systems converted dusty rooms filled with patient charts into easy-to-query, centralized databases. This transition made patient data vulnerable to a host of new security threats from external hackers who can break into hospital networks and insider employee snooping in the EHR of the records of friends and family.
Today, 39% of cyber attacks are aimed at healthcare. It’s estimated that 89% of organizations have had their patients’ medical information inappropriately accessed over the past two years, and in 2015 alone, over 113 million patient records were breached. This becomes especially concerning when it’s acknowledged that healthcare severely lags other sectors such as finance and retail in implementing security measures to prevent data breaches. Healthcare institutions can expect to be a frequent target of attacks in the future.
Our Commitment to Supporting Healthcare Cyber Security
Cyber security is a big problem, and healthcare has unique challenges that make it especially vulnerable to cyber threats. At Protenus, we exclusively dedicate ourselves to protecting healthcare institutions, because we fundamentally believe that the unique complexities of this sector require a singular focus.
Here’s a “Top Five” reading list of articles on the best ways to protect hospital medical records:
- We highly recommend reading this report that the U.S. Government Accountability Office (GAO) released last month on the status of covered entities and business associates’ progress in adhering to HIPAA regulations. Spoiler alert: there’s a long way to go, and a lot missing from current protocols.
- Protenus’ August Breach Barometer report revealed that 8.8 million breached records were reported during the month, and 43% of the month’s breaches were due to insider threats. This monthly snapshot of healthcare data breaches offers insight into the harmful effects breaches have on patients and hospitals, and arms organizations with the information needed to strengthen their approaches to protect patient privacy in the EHR.
- The Institute for Critical Infrastructure Technology (ICIT) released a report that provides an up-close view into the deep web’s healthcare data markets, where hackers illegally sell records for hefty prices. It explains the logic behind the valuation of health records and offers predictions on the future of healthcare cyber security.
- The Brookings Institution published a report in May based on in-depth interviews with 22 healthcare leaders. The report examines recent breaches affecting the healthcare industry and the underlying factors causing these incidents in order to ultimately propose ways to prevent similar situations in the future.
- Our solution for HIPAA violation detection in EHRs replaces the traditional rules-based monitoring approach with advanced machine learning techniques that help hospitals receive proactive, personalized, precise and prioritized alerts. Read how we do it here.
Throughout October, we will share our expertise in healthcare cyber security through a daily Twitter tip to help strengthen your institution’s approach to protecting patients’ most valuable information.