2019 Healthcare Cybersecurity Threats Put Millions at Risk
Security breaches have compromised more than 25 million patient records in 2019. What should you know about the importance of cybersecurity in healthcare?
Healthcare Cybersecurity
A little more than halfway through 2019, security breaches in the healthcare sector have increased dramatically over the previous year. More than 25 million patient records have been compromised so far this year, compared to approximately 15 million in all of 2018.
The 10 largest data breaches so far this year have compromised more than 200,000 records in each instance, with many of the security infringements continuing for lengthy periods. In addition, responsible parties failed to report at least some of the breaches within the 60-day period mandated by HIPAA.
What is the state of cybersecurity in the healthcare industry in 2019, and how can you protect your private patient data?
The State of Healthcare Cybersecurity Threats in 2019
If the staggering number of breaches continue, 2019 may prove the worst year so far for the state of healthcare cybersecurity threats. In many cases, breaches occurred as the result of phishing attacks on third-party vendors.
An average of 37 breaches has been reported each month so far in 2019, with breaches in April and May alone exposing the protected health information of nearly 2 million people. A major data breach — resulting in the exposure of more than 1.5 million health records — occurred in May when Immediata Health Group accidentally made public a web page containing protected health information.
In June, news broke of an even bigger breach of protected health information. New Jersey medical lab Quest Diagnostics confirmed that a breach of a third party, American Medical Collection Agency, had exposed the records of as many as 12 million patients. In addition to protected medical information, the breach also affected financial information and Social Security numbers, which could leave patients vulnerable to various forms of financial fraud.
Based on the numbers of healthcare cybersecurity threats alone, the recent breaches don’t compare to previous data theft incidents. The 2017 Equifax breach, for example, compromised financial details of some 143 million people. However, medical breaches can result in serious consequences for consumers, because theft of medical information increases vulnerability to phishing — with hackers posing as credible sources to persuade victims to give up sensitive information.
The Importance of Cybersecurity in Healthcare
Protected health information serves as a valuable commodity for hackers because it can be used for years before patients — or medical providers — learn of the compromised data. Cybercriminals can use the information to commit identity theft as well as gain access to prescription drugs and medical services in victims’ names.
As more hackers have become aware of the ongoing potential value of patients’ private health information, the frequency of attacks has increased. What are some steps you can take to protect the privacy of your patients as well as the reputation of your organization?
- Promote awareness of the importance of cybersecurity in healthcare. Employees should understand the basics of phishing attacks and should learn not to trust the validity of emails simply based on the apparent sender. Today’s sophisticated phishing attacks include the use of similar “cousin” domains, enticing subject lines, and incorporation of personal information to persuade individuals to click on malicious links that can compromise sensitive data.
- Create a sound backup system. Before disaster strikes, ensure that your healthcare organization has a multi-level backup strategy in place. In the event of a cyberattack, your team can remain operational by pulling needed patient data from your backups. Be sure that backups occur on a regular basis; larger organizations can schedule backups by department to avoid bogging down your network.
- Conduct frequent audits. Regular audits of your data systems can help identify problems before they compromise your patient information. When audits find vulnerabilities, take action to correct them immediately.
- Choose third-party companies carefully. Healthcare cybersecurity threats often occur because of insufficient security systems in third-party service providers. To select a third-party vendor that fully understands the importance of cybersecurity in healthcare, conduct a thorough background check, including a professional evaluation of the security systems in place and the potential risks to your protected healthcare data.
To learn more about HIPAA IT Consulting or to schedule your no-obligation assessment, please contact San Jose computer company Veltec Networks at (408) 849-4441 or email us at info@veltecnetworks.com.
