Data breaches are a growing problem for IT security professionals across various segments of the economy as cyber criminals infiltrate security systems undetected and steal valuable corporate and customer information. Last year, the nationwide data breach experienced at Target retail stores compromised the personal and financial information of a combined 110 million customers during the busy holiday shopping season, the New York Times reported. While data breaches in the retail industry may grab the most headlines, security issues found in healthcare organizations could leave them even more vulnerable to being targeted by cyber attacks and exposing protected health information (PHI).
A recent study by IT security firm BitSight found the healthcare sector might be the hardest hit by data breaches - even more than the retail industry - as hospitals and other organizations are being increasingly attacked, yet have the slowest response times compared to other industries studied. Whether the health organizations are small/rural hospitals or large medical clinics, medical care facilities need to be prepared when it comes to IT security and data protection measures to prevent data breaches.
Risk of healthcare data breaches growing
The healthcare sector has recently become the most targeted industry for cyber attacks, according to nonprofit Identity Theft Resource Center. Of the cyber attacks that occurred in 2013, almost 44 percent happened in the healthcare sector with 269 breaches. Not only are these attacks happening more frequently, they are affecting a large amount of patients with every breach. About 87 percent of these breaches had impacted more than 500 people, according to mandatory reports to the U.S. Department of Health and Human Services (HHS).
American Medical Association (AMA) Board President Robert Wah recently warned healthcare organizations that they should brace themselves for breaches that may become as big as the event that happened at Target. Other healthcare industry leaders also recognize that cyber criminals are actively seeking out loopholes in healthcare facilities' IT security systems. This is because they can take personal identifying information stored in this system - patient names, addresses, Social Security numbers, as well as financial data - to commit credit card fraud, identity theft or sell the data on the black market.
Healthcare IT security crucial
With the risk of healthcare data breaches growing, organizations need to be able to respond quickly to prevent sensitive data like PHI from being stolen by unauthorized users. They not only need to be able to thoroughly investigate the cause and scope of the breach, but also to determine what measures they need to take to stop IT security vulnerabilities that cyber criminals may be able to exploit.
However, the healthcare sector may be lacking in their ability to remediate data breach issues. According to the BigSight report, the time it took for healthcare organizations to respond to breaches of security and fix issues in their systems averaged more than five days - more than retail and utilities with an average of four days and finance with 3.5 days.
To raise awareness about the risk of security breaches, the Federal Bureau of Investigation (FBI) issued a notice to healthcare organizations to improve their IT security systems as they may not be fully protected against cyber attacks. The notice said that the healthcare industry is not as prepared against cyber attacks when compared to the financial and retail sectors, putting medical organizations at risk for unwanted intrusions.
To avoid HIT breaches and the potential for very significant fines, healthcare organizations should strongly consider reviewing the federal security and privacy regulations set out by the Health Insurance Portability and Accountability Act (HIPAA) and also look into engaging the services of an experienced IT security firm specializing in healthcare IT, such as Netgain.