Healthcare Organizations Need to Check out their Security Posture
Interconnected digital health records are essential for healthcare companies to bring advanced benefits to their patients and customers, but the probability to lose data influencing vast numbers of people is great if organizations overlook data security measures. PHI (Protected Health Information) and PII (Personally Identifiable Information) like Social Security Number, Healthcare ID Number, Address, Birth Date, and Payment Information can be worth millions on the 'Dark Web'.
Healthcare has the second highest number of breaches following financial services, according to Verizon's Data Breach Investigations Report. The latest HIPAA data breaches figures show that last year the number of patient records exposed to attacks tripled. The statistics show that over the past four quarters a staggering 15 million records were exposed with the number rising every quarter, from just over 1 million records in Q1 to over 6 million records in Q4. The overall number of breaches was 503, the highest number recorded to date.
Check out: Top EMR/EHR Companies
Data should be encrypted, both in static condition or transit. Data encryption prevents access to attackers who manage to breach other defenses and launch man-in-the-middle attacks. Data backups are essential in the fight against aggressive attacks using ransomware. After a successful ransomware attack, the only way to return systems and devices to normal is to restore them from a clean backup. Save business, medical, device, email, and other data on a regular schedule and maintain backups at multiple physical locations.
HIPAA, as well as other regulations, necessitate a disaster recovery plan for healthcare organizations and they need to act swiftly when a breach is found. They should have an action plan even if specific circumstances prevent it. Infringements of HIPAA guidelines and loss of consumer confidence can hurt business both in the short and long term. Loss of healthcare data is no longer a black swan moment and poses a high risk to both organizations and patients. Prevention is something every healthcare organization needs to be concerned about, with insider threats and malicious actors being the primary causes of data loss.
By Leni Kaufman, VP & CIO, Newport News Shipbuilding
By George Evans, CIO, Singing River Health System
By John Kamin, EVP and CIO, Old National Bancorp
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Alberto Ruocco, CIO, American Electric Power
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
By Sergey Cherkasov, CIO, PhosAgro
By Pascal Becotte, MD-Global Supply Chain Practice for the...
By Stephen Caulfield, Executive Director, Global Field...
By Shamim Mohammad, SVP & CIO, CarMax
By Ronald Seymore, Managing Director, Enterprise Performance...
By Brad Bodell, SVP and CIO, CNO Financial Group, Inc.
By Jim Whitehurst, CEO, Red Hat
By Clark Golestani, EVP and CIO, Merck
By Scott Craig, Vice President of Product Marketing, Lexmark...
By Dave Kipe, SVP, Global Operations, Scholastic Inc.
By Meerah Rajavel, CIO, Forcepoint
By Amit Bahree, Executive, Global Technology and Innovation,...
By Greg Tacchetti, CIO, State Auto Insurance