
Healthcare Breaches not a Fad

Posted: September 6, 2017 to Compliance.

Tags: HIPAA, Data Breach, Malware

Since 2016, it has become increasingly obvious that cybercriminals have chosen healthcare providers as their prey of choice. Since the beginning of 2017, the Office of Civil Rights (OCR) has reported nearly 200 serious (500+ patients impacted) healthcare breaches, a number that is well on its way to exceeding the 230 breaches reported last year. Hopefully this will provide the industry with a wake-up call. Organizations that expose their patients to these types of breaches are not only financially impacted, via government fines and lost business revenue, but also lose the trust patients have in their providers.

What happens after a breach?

According to HIPAA's "Breach Notification Rule," when a healthcare provider, or its records provider (or any third-party provider), falls victim to a "serious" cyberattack, it is required to report to the OCR and to notify patients within 60 days of discovery, in addition to disclosing the breach to the media and publicly posting the details.

Why do breaches occur?

Hackers are resilient. When breaches first started to occur, the main culprit was poor encryption practices. Over the past two years, however, successful phishing campaigns have become all the rage, accounting for approximately 75% of all breached data.

How can healthcare providers stay safe?

Strong passwords and two-step verification processes are highly recommended, in conjunction with ongoing staff training and simulated phishing attack testing.

Craig Petronella
CEO & Founder, Petronella Technology Group | CMMC Registered Practitioner

Craig Petronella is a cybersecurity expert with over 24 years of experience protecting businesses from cyber threats. As founder of Petronella Technology Group, he has helped over 2,500 organizations strengthen their security posture, achieve compliance, and respond to incidents.
