Healthcare organizations and hospitals keep falling victim to data breaches, and the problem persists. The healthcare sector is a major target for hackers who want to exploit confidential patient information. The main causes of healthcare data breaches include hacking/IT incidents, along with unauthorized access.
Health systems must maintain a tight security protocol. They can do this by combining security awareness training programs with technologies that monitor access to medical records.
4 common causes of data breaches
- Weak passwords and staff members falling for phishing scams.
- Insider misuse.
- Physical theft of data-carrying devices.
- Leaving old security vulnerabilities unfixed.
Recently reported data breaches
Evergreen Treatment Services suffered a data breach
The substance abuse treatment facility, Evergreen Treatment Services (ETS), notified the US Department of Health and Human Services of a potential data breach. The data breach could have exposed the patient health information of 21,325 individuals seeking care from the Washington-based substance abuse treatment facility.
ETS was quick to engage a third party to assess the breach. It was confirmed that an unauthorized party had gained access to its network. This exposed the patients' names, addresses, Social Security numbers, and treatment information.
Kansas Health Clinic exposed to a data breach
Kansas Health Clinic experienced a healthcare data breach that exposed some sensitive patient information, including health insurance data, Social Security numbers, and treatment information. Third-party forensic specialists were hired, and they discovered suspicious activity on certain computer systems.
How can health systems mitigate data breaches?
The following strategies can be adopted by healthcare organizations to improve cybersecurity and reduce the risk of cyber-attacks:
- Conduct an annual HIPAA security risk analysis.
- Educate employees on existing HIPAA rules and regulations.
- Monitor devices and records.
- Encrypt patient data.
- Restrict access and manage user permissions.
- Implement two-factor authentication.
- Use HIPAA-compliant Electronic Medical Records (EMR) software.
- Update and replace outdated hardware.
- Create a sub-network for guests.
- Restrict the use of personal devices.
A data breach can be a disaster: there is an immediate financial impact on the health system, and customers lose their trust. Therefore, maintaining a tight cybersecurity protocol and framework should be the top priority of healthcare organizations.