Did you know 2015 counted over 11 million personal health information breaches in the US? This information is of incredible value to hackers. Who have no shame in using it for health related fraud like fake claims.
This is not something healthcare providers and patients a like want to worry about on a daily basis. However, the rise of healthcare technology has made patient data security more important than ever. Healthcare institutions are welcoming technology solutions with open arms. They see the benefits of solutions like patient entertainment displays, computers on wheels and EHR software. But adopting technology in hospitals means taking the right measures to enjoy technology in a safe way.
The alarming number of breaches last year have inevitably made network security and patient data security one of the biggest concerns for healthcare providers. Trends show that hackers start putting their eggs in the personal healthcare information (PHI) basket. PHI is 10 times more valuable than credit card data and is about 100 times easier to get a hold of. Win win for the hackers right?
PHI contains vital information like name, age, gender, address, social security number, insurance information and personal medical history data of patients. Hackers use this information to make fake IDs, buy drugs or even apply for forged insurance claims.
“Hackers make up to $ 100,000 from stole personal health data”.
We want you to become aware of personal health information. And how important it is to have a strategy in place to protect it.
Read through this simple breakdown and realize the importance of securing patient data today!
The Value of Patient Data
As said before, personal health information results in 10 times more profit than stolen credit cards. What is the logic behind this?
- First of all, patient health data gives the bad guys more time than credit cards do. Patient data is permanent and cannot be changed. While credit cards often get cancelled and replaced as soon as the owner realizes it is missing. Credit cards require quick action where personal health data doesn’t.
- Then there is the question of what you can actually buy with personal patient data. Patient health information serves many more purposes than credit card information does. Cyber criminals use patient data for high value purchaseslike fraudulent insurance claims, medical equipment and even drugs. Credit card data will only allow them to buy retail items. Much less valuable in the long run.
Collecting Patient Data
For hackers one thing makes personal patient data a winner over credit card information. It is surprisingly easy to get! Healthcare providers struggle with the thin line between keeping patient data secure and making it easily accessible to patients. This conflict leaves gaps, making patient data security the proverbial afterthought.
But why is patient data more difficult to secure?
- Personal patient health information is digital and stored on hospital’s WiFi networks. This makes all the information available for the one hacking the network.
- There is a lot to take. Millions of people are covered by health insurance, so lots of options to pick from.
- Patient data is designed to be easily accessible. Especially in case of an emergency. This makes patient data not only accessible for care staff, but for cyber criminals as well.
- Personal health information is meant to be shared. There are rules and regulations that require patient data to be shared with other providers.
The Solution: Securing Patient Data
Here is the strange thing. Healthcare providers are fully aware of patient data risks. However, network security in hospitals ranks near the bottom. Even more when you compare it to other industries that deal with sensitive information. Network security and patient data security continues to take a back seat. It usually doesn’t come out a winner with questions like ‘do we spend our budget on better network security or should we buy that new MRI that will bring in more patients?’. It’s not new that income generating budgets have more priority than network security improvement. We understand it’s the last thing healthcare providers even want to think about. Yet, this has to change.
Patient data security should be seen as an asset. It’s part of the business and should be included in the overall risk management process. Just think about it. Healthcare is there for patient safety and well-being. Patient data security is a big part of that. Securing personal and sensitive information of your patients keeps them safe.
Patient data security is an asset that keeps patients safe.
The bottom line is this.
Hospitals should realize the importance of healthcare, financial and patient data security. Protecting sensitive information requires a combination of employee education, physical security and smart use of healthcare technology.
Consider these 7 best practices for healthcare and patient data security.
1. Secure Wireless Networks
Hospitals, like any other business rely on wireless routers for their networks. The downside is the security risks these wireless networks present. If the hospital relies on outdated technology these networks are extremely easy to hack into.
The solution for this is easy.
Healthcare providers need to make sure their routers and other components are kept up to date. Network passwordshave to be secure and changed regularly. And unauthorized devices need to be blocked from accessing the network. These are the first steps to securiting patient data in your hospital.
2. Protect the Network
Cyber criminals use a variety of methods to gain access to a hospital’s networks. The hospital’s IT department therefore needs to use a variety of methods to keep them out.
Many healthcare organizations spend a large portion of their budget on perimeter security. Like firewalls and antivirus software. Meanwhile, experts warn hospitals to also adopt damage control technologies for when attacks do occur. One thing hospitals can do to protect their network and patient data is to separate networks. That way an intruder in one network area doesn’t have access to data stored elsewhere.
3. Educate Staff
Medical staff is involved in healthcare data breaches more than you would think. This could be due to negligence or even malicious actions. Focusing on employee education is therefore a prime focus.
This could include:
- Lessons in avoiding phishing, social engineering and other attacks
- Training on how to choose a secure password
- Advice on what is and what isn’t a violation
4. Write a Mobile Device Policy
Personal mobile devices are integrated in everyone’s day to day life. This includes the work life. Many employees use personal mobile devices to do their work.
This leads to the need for a structured mobile device policy.
What data can be stored on the device?
And what apps may be installed?
Staff’s mobile devices could be the entrance to a security breach. Regulating the use of these devices is a huge step towards securing patient data.
5. Implement Physical Security Checks
Even though a lot of personal healthcare information is now stored digitally, many hospitals still keep a lot of sensitive patient data on paper. Physical protection of this data can therefore not be forgotten. Ensure doors and cabinets are locked and that cameras and other physical security measures are in place. The IT department can additionally lock server rooms. And use cable locks to secure devices to furniture to further secure healthcare and patient data.
6. Patch Electronic Medical Devices
There is a life changing trend showing in healthcare technology. Wearable technology. Wearable devices that can measure blood pressure, heart rate and other vital signs. Implementing this incredible health technology does require hospitals to take care of software updates as well. This will minimize their vulnerabilities and risk of being hacked.
7. Have a Patient Data Breach Response Plan
Hospitals can take all the necessary precautions and measures to keep patient data secure. However, it is unlikely a healthcare organization will ever be able to completely secure themselves against an IT security incident. That is why it’s important to have a plan in place in case a breach does occur. Better safe than sorry!