This article is the first in a three-part series from Third Rock, a leading HIPAA Compliance and Risk Management provider, explaining the magnitude and business impact of cyber security breaches as well as steps you can take to protect your records and your organization.
Recent headlines have reported that cyber breaches are occurring with greater frequency than ever before. Everyone is familiar with the cyber breaches of Target, Home Depot, JP Morgan, Sony, and most recently, the federal Office of Personnel Management. Over 230 million people were affected by these five breaches alone! One of these breaches may have personally affected you.
In 2015, healthcare companies have increasingly become the target of cyber thieves. Anthem BCBS, Premera, and UCLA Health alone have accounted for over 103.1 million healthcare records being compromised in just the first six months of 2015! To put this in perspective, in all of 2014, there were 333 healthcare breaches (almost one a day) affecting 8.3 million records.
So why the increased interest in healthcare records by cyber thieves? First, the introduction of security chips has made credit cards more difficult to abuse. Additionally, the value of a credit card is limited to the available spending limit on the card and that a credit card can be easily cancelled if compromised. The second, and more compelling reason is that healthcare records have unlimited theft potential and they are easier to obtain. A complete healthcare record includes a person’s name, address, phone number, birth date, social security number, insurance numbers – everything a cyber thief needs to steal someone’s identity. With this information, an identity thief can apply for an unlimited number of credit cards, car loans, mortgages, etc. In other words, healthcare records are much more valuable to cyber thieves on the black market than credit cards.
But why are healthcare records easier to obtain? Many healthcare organizations have been slow to improve the security of the protected health information (PHI) in their possession. While financial and business entities have increased their security spending in light of increased cyber-attacks, most healthcare organizations have not. Cyber thieves know this and are now exploiting this vulnerability, as evidenced by the 1175 percent increase in breached healthcare records so far in 2015.
HIPAA was significantly amended in 2009, in part, to address these security concerns, but many healthcare organizations have not yet implemented the required safeguards. This is where Third Rock’s Worry-Free Compliance solutions can help.
Next week’s article will discuss the financial impact of a cyber-breach for an organization and why it is so important to protect your data now. At the end of this series on cyber security breaches.
For more information on Third Rock’s Worry-Free Compliance, please visit us at: www.thirdrock.com
It seems to me that most health organizations are so behind that it is a treasure trove for hackers. I work as a temp nurse for several different clinics. I was absolutely shocked to see a front desk nurse put a personal USB into the computer she was working on to copy over music. I just hope that they had some kind of protection, but I doubt it. It does not even seem they were making much of an effort.
Anyway great article.