Despite the fact that good medical care requires meticulous record keeping and highly sensitive data, the industry hasn't focused much on cybersecurity until recently. Unfortunately, securing these records doesn't have an immediate, visible impact on patient care, and providers already have their hands full providing patients with quality service—but what if your practice was unable to access the technology and records that you rely on because a hacker was holding them hostage? Now the importance of cybersecurity measures becomes much more apparent.
Ignoring cybersecurity has devastating consequences. According to Gemalto, a global digital security firm, the healthcare industry saw 263 data breaches during the first half of 2016. Comprising 27 percent of all breaches, this was the greatest number of incidents for any industry. Another article from Infosec Institute states that “stolen patient health records can fetch as much as $363 per record,” which makes them worth more than any other piece of data. Credit card numbers, for example, only bring in a few dollars.
PHI and cybersecurity
The main target of these attacks is protected health information (PHI). As Medical Economics pointed out, PHI is often easier to steal than a person's banking information. Because health records contain so much data (name, date of birth, employer, insurance details, medications and more), they're incredibly valuable for fraudsters.
"They are virtually complete personal identity portfolios," Dylan Sachs, director of identity theft services at BrandProtect, said to Medical Economics.
Sometimes, instead of stealing patient information, hackers install applications known as ransomware that block a practice's access to its systems until the hacker receives a ransom. Specialty practices might not think they're a target for hacking because they have fewer records than hospitals and larger offices. However, no business is too big or small. In fact, according to the San Antonio Express News, Seguin Dermatology, an independent office in Texas, was recently the target of a ransomware attack.
Ransomware attacks are surging. A recent report says “ransomware attackers collected over $209 million from victims during the first three months of 2016 alone,” ten times more than in the same period of 2015. Thankfully, many healthcare IT vendors offer cloud-based, or software as a service (SaaS), hosting for their applications, which can help protect against cyber threats.
How specialty practices can prioritize security
ClearDATA, healthcare’s leading HIPAA-compliant cloud computing platform, offers several tips for identifying and avoiding a ransomware attack. Hackers usually send the software as an innocuous-looking email attachment. Sometimes, these emails even have the name of a real practice, physician or vendor. When someone in the office clicks the attachment, the software automatically encrypts any file it finds, then displays a ransom notice and payment instructions.
The best way to prevent a ransomware attack is to train all staff on email security. Employees should verify everything in their inbox is from a valid sender and make sure they aren't clicking anything with a dubious attachment. In addition, practices should maintain up-to-date antivirus software, operating systems and computer applications. Vendors often release new versions of these products to address security threats.
Finally, in the event a practice is targeted by ransomware, having a thorough backup ensures physicians can restore and access the data they need.
Benefits of “The Cloud”
Cybersecurity is a vast undertaking that many small practices aren't equipped for, and they do not have the in-house expertise to protect against the wide array of threats that exist today. By opting for cloud-based healthcare IT applications, these practices can help keep PHI and other sensitive information off their computers while still enjoying the benefits of mission-critical healthcare IT solutions. These offices must make sure the partners they choose prioritize security and have backup systems in place.
ClearDATA and MedEvolve have partnered to offer secure, compliant software solutions, including practice management, business analytics and EHR. By leveraging ClearDATA’s HiTrust Certified cloud infrastructure—the healthcare industry's gold standard for measuring compliance and security—MedEvolve’s clients can rest assured their data is safe.