You are waiting patiently in the exam room for your doctor to return with the results of your physical exam and tests. You are nervous, wondering if the news will be good, bad or the same as the last visit. In a role reversal, the news for healthcare providers and related companies is, unfortunately, extremely bad – especially when it comes to safeguarding all the private and personal data that they have access to from millions of Americans. Data breaches against and within health care companies are at the forefront of cyber theft and are on the increase.
Think of all the potential places that hackers could target to get private and valuable information when it comes to the health care industry: insurance companies, health care providers, pharmacies, and all the other ancillary companies and entities that provide products and services to stay healthy. All of these are regularly being hacked by thieves focused on stealing data and information from patients and doctors.

A watchdog website, PrivacyRights.org, has been keeping track of the breach statistics for various industries and businesses since 2005. So far in 2011, out of 480 breaches, the healthcare industry experienced 170 of that total. This is twice the number of breaches for any other industry that is listed on the website’s database. Most of the data breaches (50 breaches contained at least 4 million records!) happened after portable data devices went missing. Many of these cases were breaches of information on missing or stolen laptops and flash drives.

This rise in healthcare data breaches is finally getting the attention of experts and governments. There are multiple government entities (both the Executive and Legislative branches) looking into the situation. In recent months, Congress has begun holding hearings to determine if there are any Federal measures that can be undertaken to reduce these breaches. In addition, the Health and Human Services Department is undertaking some risk surveys to determine what procedures and best practices are currently in place within the healthcare industry.

Here are some basic tips for IT professionals in the healthcare space:

1. Do an assessment and identify critical assets;
2. Prepare a risk management program and process for the organization;
3. Develop security programs and procedures that are proactive;
4. Identify, secure and protect the most valuable information, perhaps by using encryption technology and hardware;
5. Be proactive in responding to threats;
6. Leverage security as a business enhancement to the organization rather than an added expenditure;
7. Realize that data is never entirely secure, but knowing how to detect, effectively respond and then minimize is the key; and
8. Utilize the U.S. government’s proper encryption methodology; this is the FIPS 140-2 standard.

Let’s hope the next visit that your healthcare provider, pharmacy or insurance company makes to the Data Doctor turns out to be a clean bill of health rather than a finding that the “patient” is in need of life support.