Data breaches aren’t just becoming more common; they’re also getting costlier. In 2018, the global average cost of a data breach reached $3.86 million, a 6.4% increase over the previous year. Meanwhile, healthcare providers and their business associates face higher costs per data breach than any other industry. With the cost of just one stolen healthcare record now standing at $408, up from $380 in 2017, it’s never been more important to get digital security and privacy back under control.
Why are attacks on the rise?
The amount of data being generated is increasing exponentially because businesses and consumers alike have become more reliant on technology. Digital data is now the driving force behind the global economy, which is why it’s caught the attention of cybercriminals looking to exploit more data and more connected devices. Attack surfaces have also expanded greatly with the rise of the Internet of Things (IoT), wearable technology, and smartphones. From a security perspective, this translates into a digital minefield.
Although cyberattacks are rife across all industries, the healthcare sector is one of the most popular targets for criminals. Most people assume that things like stolen payment card information are what criminals are after, but they don’t yield nearly the same level of profit as patient health information (PHI) does. Even just one PHI record can rake in $20,000 in profit, which is 10 times greater than regular identity theft. This is partly because PHI records include data like social security numbers and other sensitive information that can’t simply be changed with a quick phone call or canceled like a credit card.
Another reason why cybercriminals tend to favor healthcare companies is that they’re generally seen as easy targets. Healthcare companies are infamous for being underfunded and having outdated support systems and equipment, so hackers often have little difficulty finding vulnerabilities that give them easy access to confidential data. Other reasons include underqualified staff who understand little to nothing about digital safety and privacy practices.
How can you help stem the tide?
Every organization that handles PHI is legally obliged to adhere to the regulations of the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH). Unfortunately, the rules aren’t always very clear on exactly which administrative, physical, and technological safeguards businesses need to take. Organizations have to be broad in their approach due to the constantly evolving nature of the technology environment, which means they need to learn the latest trends and standards. All robust security strategies start with a risk assessment, a regulatory requirement in itself. This involves conducting a thorough analysis of the existing infrastructure, including any potential vulnerabilities, the risks they represent, and the impacts of a breach.
What every healthcare organization needs is a single overarching strategy in which data security and privacy are integral components of their broader technology strategy. Cybersecurity isn’t something you can just tack on later and hope for the best. You need to implement a variety of technological controls, such as round-the-clock monitoring of all systems that store or transmit healthcare data. Other must-have solutions include a multilayered approach to security that includes firewalls, data encryption, intrusion detection and prevention, and antimalware.
Ultimately, protecting PHI isn’t a one-man job. Rather, it takes the entire organization, as well as any third parties with responsibilities of their own, to keep its systems safe. By creating a strong security strategy that involves everyone in your company and creating a culture of awareness and accountability, you’ll be better equipped to stem the rising tide of cyberattacks.
Safebit Solutions provides technology support services to healthcare providers and their associates. Talk to us today to find out more about our comprehensive and tailor-made IT solutions.