Interconnected digital health records are essential for healthcare companies to bring advanced benefits to their patients and customers, but the probability to lose data influencing vast numbers of people is great if organizations overlook data security measures. PHI (Protected Health Information) and PII (Personally Identifiable Information) like Social Security Number, Healthcare ID Number, Address, Birth Date, and Payment Information can be worth millions on the 'Dark Web'.
Healthcare has the second highest number of breaches following financial services, according to Verizon's Data Breach Investigations Report. The latest HIPAA data breaches figures show that last year the number of patient records exposed to attacks tripled. The statistics show that over the past four quarters a staggering 15 million records were exposed with the number rising every quarter, from just over 1 million records in Q1 to over 6 million records in Q4. The overall number of breaches was 503, the highest number recorded to date.
Data should be encrypted, both in static condition or transit. Data encryption prevents access to attackers who manage to breach other defenses and launch man-in-the-middle attacks. Data backups are essential in the fight against aggressive attacks using ransomware. After a successful ransomware attack, the only way to return systems and devices to normal is to restore them from a clean backup. Save business, medical, device, email, and other data on a regular schedule and maintain backups at multiple physical locations.
HIPAA, as well as other regulations, necessitate a disaster recovery plan for healthcare organizations and they need to act swiftly when a breach is found. They should have an action plan even if specific circumstances prevent it. Infringements of HIPAA guidelines and loss of consumer confidence can hurt business both in the short and long term. Loss of healthcare data is no longer a black swan moment and poses a high risk to both organizations and patients. Prevention is something every healthcare organization needs to be concerned about, with insider threats and malicious actors being the primary causes of data loss.