HEALTHCARE DATA BREACHES
Recently it has become obvious that we are all vulnerable to attacks by anonymous people on the internet who wish to hack into our lives and steal our private information for their own personal gain if we do not take the proper measures to protect ourselves. Hospitals and other healthcare facilities are goldmines for hackers looking to steal hundreds of people’s information at once. You would think that with all of this sensitive information in their files, hospitals would be highly concerned about the protection and security of this data. However, the Healthcare industry has become one of the most hard-hit industries when it comes to cyber security due primarily to the heavy amount of data breaches that have plagued the industry in recent years.
Data breaches have skyrocketed over the past six years, especially in the Healthcare industry, and things are looking worse, making us more susceptible to breaches of our own personal medical information—and we’re not the only ones who are afraid. In just one year, Healthcare professionals have grown 13 percent more worried about attacks on their databases; and with 59 percent fearing that the existing budgets set in place for protection against these kinds of incidents are insufficient, it is obvious that the Healthcare industry is struggling to keep up with the changing world of cyber security.
According to the sixth annual Benchmark Study on Privacy & Security of Healthcare Data conducted by Ponemon Institute, 89 percent of Healthcare providers fell victim to multiple data breaches over the past two years and one-third of providers were subject to anywhere from 2-5 breaches. Approximately 50 percent of these breaches were due to a mix of employee negligence, third-party snafus, as well as stolen electronics. When the study was conducted six years ago, the majority of data breaches were caused by these issues; however it is clear that today, responsible for the remaining half of these breaches, the number one cause of Healthcare data breaches is cybercrime.
One of the fastest growing, most devastating of these cybercrimes is ransomware and the Healthcare industry has taken more than its fair share of the brunt of this issue just this year. A few months ago, ransomware was found to be the cause of two Healthcare networks to be forced to take their systems offline, for fear of the issue spreading. Prime Healthcare Management, Inc. in California and Methodist Hospital of Kentucky were in a state of crisis when their networks were compromised by ransomware. While it seems that Prime was able to detect and handle the situation prior to any protected health information (PHI) being made vulnerable, Methodist was not so lucky. Reports say that they paid $17,000 as a ransom to regain access to their PHI files, while insiders claim that the amount paid could be significantly higher. This is one of the worst situations you could be in when dealing with ransomware, second only to your business being shut down. Prevention is a much better defense than reaction or negotiation with criminals.
Axiom can aid in these preventative measures due to its proprietary ransomware algorithm built into their Sentry firewall that would have been able to block these ransomware communication protocols at the firewall before criminals could have encrypted the PHI files. This would have saved Methodist Hospital of Kentucky thousands of dollars in ransom paid to criminals as well as their patients’ peace of mind.
When these Healthcare providers wish to combat ransomware, it is important for them to be aware of their HIPAA compliance. HIPAA HITECH requires that you have a disaster recovery plan and adequate backups, so HIPAA regulations have been a hot topic of discussion during this spike in Healthcare breaches. While some influential figures have questioned whether or not these breaches caused by ransomware are protected under HIPAA, it is conclusive that the industry is in dire need of revamping their approach to cybersecurity.
Axiom is able to help businesses in the Healthcare industry feel at ease by acting as their HIPAA Compliance Partner through providing them with professional and technical product services that include a HIPAA Security Assessment, Gap Analysis, Preparation and Certification as well as VOIP and 24-hour technical support.
If you’d like to find out more about what Axiom Cyber Solutions can do for you in regards to HIPAA compliance and protecting your business from cyber threats, please visit www.axiomcyber.com.