According to Kelly Yee, Vice President at Penango, the secure web-mail and encryption company, hackers are willing to pay 20 times more for medical information than for credit card information! The main reason is that medical records are a smorgasbord of information, including social security numbers, personal details, and medical history. With information like this, an attacker can apply for credit cards, gain access to prescription medication, and much more.
With the value of stolen credit card information going down and everything pointing to hackers focusing on medical information, 2014 has shown that it is past time to put every effort into protecting this data. As I wrote in my previous post (2015 – The Healthcare Hack), 2015 is only going to get worse.
Here are some interesting numbers to chew on…
- 42% – The share of ALL breaches in 2014 that were healthcare and medical breaches
- 600% – The percent increase in attacks on hospitals (source: Websense)
- 5 million – Community Health Systems of Franklin, Tennessee, had 4.5 million patient records, including social security numbers, stolen by a China-based hacking group.
How to protect your organization…
The good thing is that there are standards out there, provided by HIPAA (Health Insurance Portability and Accountability Act) compliance. If followed, these guidelines can reduce the threat. Unfortunately, nothing can completely eliminate it.
The flip side is that if you are not following the guidelines to become compliant, the impact of a breach hits even harder, as you will also be open to fines and lawsuits.
- Have a third party risk analysis performed annually
- Have proper Policies & Procedures in place
- Proper training for employees
- Proper enforcement of Policies & Procedures
- Implementation of Risk Management Plan with records of compliance activities and security issues
- Business Associate Agreements implemented with requisite suppliers/providers
- Established Breach Protocols and Notification Processes
- Automated vulnerability assessment of all networked devices
- Protection of ePHI (electronic protected health information) through encryption both at rest and in motion
- Independent third-party continuous security monitoring
Want to see how compliant your organization is? Take the HIPAA Quick Check by going here! There is no sign-up, and results are anonymous.