The healthcare sector is not immune to phishing attacks, patient data breaches, and cybercrime, even during the COVID-19 pandemic. According to the Protenus Breach Barometer, 41.4 million patient records were breached in 2019. Breaches are not slowing down, which highlights the fact that the US healthcare sector is at risk from cyber attackers who don’t miss any opportunity for malicious cyber theft. Through June 2020, a total of 92 data breaches had been reported. In the current situation, patients are using online health services such as telemedicine to receive care and avoid going to the hospital, which is attracting more sophisticated cybercrime, and the threat keeps lurking in the form of unauthorized access and phishing emails.
The 5 biggest data breaches of 2020
- Magellan Health – Eight of Magellan Health’s affiliates were hit by ransomware attacks, which impacted 365,000 patients. The breached information included employee credentials, passwords, and patient insurance data.
- Ambry Genetics – An email hack exposed 232,772 patient files in January 2020. Information such as medical information, names, and Social Security numbers was compromised.
- Tandem Diabetes Care – The healthcare company is known for developing medical devices for patients with diabetes. Unfortunately, an email breach through a phishing attack exposed the personal information of most of their patients. The information included personal health data and bank and insurance details.
- Florida Orthopedic Institute – On July 1st, the Florida Orthopedic Institute was hit by a ransomware attack that breached the data of 640,000 patients, as reported by HHS. The data that was affected included claims histories, diagnosis codes, payment amounts, and insurance plan identification numbers. The good news is that IT administrators promptly secured the system.
- Elite Emergency Physicians – The healthcare provider used a third-party company to securely dispose of patient records. Unfortunately, the company, CentralFiles, was unsuccessful in the task, and personal patient files were found at a dumping site.
Fortunately, healthcare companies, hospital systems, and healthcare organizations can avoid data breaches by enhancing security and following all the protection protocols.
Strategies to avoid data breaches and improve overall cybersecurity
All weak spots in security must be identified before a cyber-attacker can take advantage of vulnerable devices, databases, and internal networks. Adopting a risk-based approach can help avoid data attacks in the future. Devices and records should also be continuously monitored, and employees must be educated not to leave any electronic devices unattended. Encryption of data is another intelligent way to improve security and protect sensitive patient data from phishing and ransomware attacks. Hardware such as medical devices, servers, and network endpoints should also be encrypted. If you are a medical provider purchasing a new Electronic Medical Records (EMR) software system for your practice, confirm with your vendor that the platform is HIPAA compliant so that patient records are secured around the clock. It is the priority of healthcare organizations to keep patient data encrypted and safe from cyber-attacks. Data breaches are avoidable with a proactive strategy and by following good security etiquette.