In mid-August, The National Law Review reported that the Office for Civil Rights (OCR) announced it would focus more on smaller breaches, those affecting fewer than 500 individuals.  I think this reflects the growing concern that small to medium businesses (SMBs) are more vulnerable.  They are also less capable of detecting, responding to, and reporting breaches.  IBM estimates that 80% of cyber thefts suffered by SMBs go unreported, due to lack of detection, embarrassment, and fear of social media backlash.  Verizon Communications’ 2013 Data Breach Investigations Report found that close to 62% of data breaches that year were targeted at SMBs.


I can confidently confirm these statistics based on experience.  Many small businesses have the false belief that they are “too small” to show up on the radar of cyber criminals.  Unfortunately, company size plays little part in whether cyber criminals target your business.  Cyber criminals use an army of automated “bots” that scan the Internet and probe business web sites for both documented and unpublished vulnerabilities.

Another common misconception is that if they are breached, the chance of a third party discovering the breach is very small.  Of course, there is no accurate data on this issue, but rolling the dice on it can be very costly.  If a third party, whether a patient or a cyber sleuth, identifies your business as having been breached, the announcement will be made via social media.  You will have no way to effectively defend your business or control the process.  Your practice’s cash flow and valuation will be adversely impacted, even to the point where your business may not survive.  You will be audited by the OCR.  If they find only HIPAA “window dressing,” such as HIPAA privacy notices posted with no substance behind them, substantial fines and penalties will follow.  Another nail in your business’s coffin.


If something threatens my family, I address the issue, whether it involves replacing the battery in the smoke detector, replacing worn-out tires on the car, or installing a burglar alarm.  Why risk your practice?  Your practice provides income and stability for your family and for your employees and their families.  Learn the risks threatening your business and address them.  Invest in HIPAA compliance.  Invest to protect your practice and your family.  Remember, the OCR has started enforcing imprisonment of individuals who steal PHI, even on a small scale.  There is an expectation that the OCR will start enforcing prison sentences based on neglecting to protect PHI.  That is to say, neglecting to be HIPAA compliant, or neglecting at least to work toward becoming HIPAA compliant, could lead to a prison sentence.

Take our free mini-Risk Assessment to see how compliant you are.

Protect your patients, protect your practice, protect yourself.