Preventing data breaches is a critical task for all businesses these days, but it’s especially so in healthcare. No one wants to see health information disclosed, and the risks of a ransomware attack are enormous, literally putting lives at stake. And, of course, there are significant consequences under HIPAA.
Nick Culbertson, CEO and co-Founder of Protenus, reports that there were well over 700 breaches in healthcare in 2020. Over 40 million records were affected. It’s a staggering number, and one such breach exposed over 3 million records.
Breaches occurred in 49 of 50 states and Puerto Rico. In sum, nowhere is safe.
What can healthcare organizations — and others, too, for that matter — do to protect themselves? He recommends taking a layered approach. That includes security measures such as strong firewalls but also extensive training of employees, penetration testing and audit log monitoring. In sum, embrace multiple layers of defense that can protect against a wide range of possible mishaps.
In addition, as he explains in this podcast, it is important to take a broad view of the human risk elements. These range from snooping into records to find out if someone does or does not have COVID, to failing to dispose of paper records properly, to bad actors offering furloughed employees cash for their passwords and IDs.
One other area to protect against: breaches through business associates. With increased integration of providers and their suppliers comes dramatically increased risk. The largest incident in 2020 was the result of one such breach.
The bottom line, he reports, is that organizations need to invest more in their cybersecurity, but compliance and privacy teams also need to stay on the alert for simple, human failings.
Listen in to learn more about how to protect your organization.