Is Data Security a Priority for the Health Care Industry?
February 27, 2015 at 10:05 AM
The latest cyber attack on Anthem Health has everyone asking if the health care industry is doing enough to protect electronic patient health information. The second largest health insurance company in the U.S. estimated that nearly 80 million of its customers and potentially 1 million non-Anthem customers have been affected. Despite new tools allowing health care organizations to properly assess information security risks, we must wonder if any health care organization is prepared to defend against such high-level attacks.
Right now there is an enormous amount of pressure on the industry to transition to a digital environment, one in which patient information can be exchanged with relative ease between healthcare stakeholders. Paper-based systems are proving both outdated and inefficient to meet the growing demands of today’s bustling medical settings. Despite the push to go digital, the privacy of health information remains a serious issue in the United States, and rightly so.
Since 2010, the number of criminal attacks on healthcare organizations has increased by 100 percent. Among health care organizations surveyed by the Ponemon Institute, 75 percent believed that the greatest threat to security was employee negligence. Yet these concerns about employee negligence have not resulted in changes in security policies. More than 80 percent of organizations surveyed permit employees and medical personnel to use their personal mobile devices to connect to their organization’s networks or systems, although most believed these devices were not secure.
Data from recent years suggests that these lax security measures have resulted in numerous and expensive data breaches. The Ponemon Institute, a research center that examines data protections, says breaches cost the industry upwards of $6 billion a year. Personal health records are particularly lucrative for data thieves as they include employer and bank account/credit card information as well as names and addresses. In 2013, the FBI estimated that a single medical record went for $50 on the black market.
But medical records are not only stolen to be sold to third parties. Oftentimes, cyber criminals may use stolen medical records to illegally obtain health services and medical goods. The affected must then deal with the physicians, clinics, insurance companies, and creditors to settle the subsequent financial aftermath. In many instances, the victim may lose their medical coverage, leaving them with costly out-of-pocket expenses to have their insurance reinstated.
As health data is increasingly digitized, patients continue to communicate concern about their privacy and losing the ability to control who has access to their health information. Data breaches in the health care sector are particularly calamitous due to the potentially life-threatening consequences that may ensue.
While health care organizations have made great strides in adopting data security plans, more needs to be done. Making sure your employees understand the importance of security, keeping your antivirus software updated and ensuring you and your vendors understand and are in compliance with HIPAA security standards are just a few things health care organizations can do to safeguard client data. With medical identity theft increasing, protecting patient health information from security threats must be a priority for everyone in the health care field.