From 2015 to 2017, 955 major security breaches resulted in the exposure or theft of 135,060,443 health records. That represents more than 41% of the U.S. population.
During those same three years, the number of healthcare-related security incidents rose 27%, coming to a rate of close to one incident per day.
2018 saw no improvement. HIPAAJournal.com demonstrated how vulnerable some healthcare organizations are to security breaches. In 2018, over 13 million patient records were breached, more than double the number from 2017.
What’s more, as many healthcare organizations have painfully learned, the trouble is only beginning when the cyber-attack occurs. The resulting costs, mostly from lawsuits, can be staggering. In 2018, the average HIPAA settlement was around $2.6 million.
Two obvious questions are: how are the hackers getting in, and what can we do to stop them?
The 3 Main Causes of Healthcare Security Breaches:
- Hacking/IT Incidents
- Unauthorized access or disclosures
- Loss/theft of devices or records
The largest breach to happen in the past 4 years was a hacking/IT incident where Anthem, Inc. lost over 78 million patient records. Their data was being mined for an entire month before the breach was even discovered.
Of the three causes listed above, HIPAA Journal goes on to report that hacking/IT incidents have been the most damaging and have consistently increased year over year, while loss/theft incidents are trending downward due to encryption of portable devices.
With hackers deploying increasingly sophisticated attacks, healthcare organizations are taking great pains to get on top of security operations, for example by moving to the cloud. Corinne Smith, a healthcare attorney with Clark Hill Strasburger, said, “moving to the cloud doesn’t end a healthcare provider’s liability, but it does limit the need for engaging an army of IT Professionals.” This means that a move to the cloud is a tool for dealing with cyber-attacks, but it shouldn’t be looked at as the end-all-be-all solution.
Healthcare IT Organizations Are Turning to ServiceNow
Aptris has helped many healthcare customers use ServiceNow as a cloud-based platform that integrates with IT, allowing them to promptly manage and resolve incoming security incidents. ServiceNow’s Security Operations solutions provide visibility, automation, and the ability to respond quickly and effectively. Customers report that responses that used to take days can now be done in minutes.
But what about that problem of unauthorized access or disclosures? Often, this takes the form of information coming in front of people for whom it was not intended: social security numbers, birth dates, and other Personally Identifiable Information (PII).
Aptris developed an application within ServiceNow to address that issue: SmartPDC. The SmartPDC application gives healthcare organizations the highest level of data redaction possible. Whether it’s redacting certain patterns (SSN, phone, etc.), keywords or phrases, or specific types of attachments—if a user doesn’t have access, they won’t see it. SmartPDC means you can easily and consistently control exactly who sees what.
Do You Need a Security Checkup?
Aptris has helped some of our nation’s leading healthcare organizations improve not only their delivery of IT services but also their security against data breaches. If you want to learn more about how we can help guide you through the process, or if you’re interested in SmartPDC, get in touch with one of our Healthcare IT specialists today at (815)-847-3700.