In 2015, more than 750 data breaches occurred, the top seven of which opened over 193 million personal records to fraud and identity theft. Moreover, the top three breaches of data security were from the health care industry. Evidently, healthcare is important, and keeping patient information secure and confidential from the external world is vital to continuing the care process effectively.
In June 2016 alone, more than 11 million health care records were exposed because of cyber-attacks. The average cost to health care organizations per record breached is $355, compared to $158 per lost or stolen record in other industries; thus, these breaches not only take away vital patient information but also cause major financial harm.
According to the HIPAA Journal, 91 percent of cyber-attacks come from phishing emails. Moreover, phishing emails are often personalized: they may appear to come from somebody who is ostensibly a business associate, with an urgent subject line and an attached document that enables a virus infection. The more these emails get opened and passed around internally, the wider the gap becomes for the hacker.
People with large workloads are more likely to click on these emails blindly. This, in turn, gives attackers better access, because the emails reach the professionals who are in the highest demand (as measured by their incoming email). To remedy this problem, proper training is required to maximize computer literacy. In other words, the key to dramatically reducing security breaches is keeping a watchful eye on the major threats to medical information safety.
mHealth (mobile devices)
As so many health and wellness programs and procedures are becoming available on mobile devices, hospitals and clinical practices must be aware of the threat of security breaches and hacking of health data. Because information in today's digital world can be passed around effortlessly through mobile technology, the threat of a breach through mHealth is more alive than ever.
Doctors, nurses, and hospital staff are using tablets and mobile devices, and so are patients and visitors. Because danger lies on both sides of the medical system, internally and externally, mobile health needs to be monitored appropriately in order to reduce any such openings.
For those directly involved with a patient, internally and externally, a personal identification number would be the most suitable and safest approach when dealing with health care. With this, only authorized users are able to see and access important patient information. Moreover, keeping track of which user accesses medical documents gives a strong general understanding of which individuals deal with a patient’s medical data on a daily basis. Through this, the gap for unexpected intrusion becomes much narrower.
According to Becker’s Hospital Review, a total of 50% of security breach incidents in the healthcare industry in 2013 were caused by insider misuse. Essentially, these are mistakes and errors that happen internally, and unfortunately, many of them are not accidental. This includes instances in which employees of an organization steal property or data or commit other crimes.
Surprisingly, the reason insider misuse stands out in the healthcare industry is the number of people who get jobs in the industry for the sole purpose of infiltrating the system and gaining access to patient health information. They typically steal this information to gain access to money or to commit tax fraud. Once one is in the medical industry, the value of the data and the opportunity to steal it could entice the wrong types of people.
To prevent this insider misuse, it is important that organizations audit all devices used by staff members. Keeping track of all technological tools used by the medical staff gives a strong understanding of which professionals are using which devices, as well as the extent to which they are using them. Healthcare providers need to be vigilant in their efforts to monitor access to patient information, and audits can be a reliable way to see who has accessed what information.
That being said, mistakes do happen, and every now and again they are accidental. Information does not always get breached or misplaced on purpose. Becker’s Hospital Review reveals that in 2013, unintentional staff actions causing a compromise in patient data security accounted for 12% of security incidents in the healthcare industry.
These mistakes could be caused by simple slip-ups, such as misplacing a patient’s chart, or by a security system underperforming. Old computers may not read information very well, and aged technology could be an unfortunate opening for miscommunication of medical data.
All in all, mistakes happen, whether they are intentional or unintentional. Breaches are a serious concern, and it is important to be aware and well organized when internal and external parties use and have access to medical data.
Health care institutions, business associates, and health care technology purveyors all need to keep lines of communication constantly open and analytical in order to stay focused on evolving security for innovative solutions. As medical information breaches leave a lasting stain logistically and financially, it is best to take the most secure steps to create the most secure environment.
Overall, as medical organizations continue to invest in protective measures, they will secure medical information not only for today, but for generations to come.
Gabriel Pugliese, 2018