Overall, the number of known data breaches increased 40% in 2016 compared to 2015, according to an Identity Resource Center report. The healthcare sector alone suffered hundreds last year, making it the industry most at risk in our nation, per both the Ponemon Institute and Trend Micro. Some security consultants estimate that one in every 10 U.S. healthcare organizations suffered at least one data breach during the past two years.
Why healthcare? Because every healthcare business collects sensitive patient data, including Social Security numbers and payment information. Small providers and other small to mid-size healthcare practices can be easier to hack than big insurers. In 2016, nine of the top ten healthcare data breaches happened at providers of some kind. Based on data from mandatory HIPAA compliance reporting, the average cost of those breaches is calculated at between $2.2 million and $4 million.
Complicating the matter is human error. People make mistakes – losing a thumb drive, laptop, hard drive. They use simple passwords and don’t change them. They accidentally invite in malicious programs, clicking on a link in an email that seems authentic, or on a popup. In a healthcare operation, human security gaffes can drain as much as 4% of revenue.
Technology also creates gaps. Unsecured devices have network access. When backup systems and databases get outdated, they’re easier to hack. And viruses and malware evolve continually, making it harder for healthcare SMBs to stay current.
And then there’s the laborious process of vetting the security practices of the expanding constellation of vendors, contractors and business associates orbiting any modern healthcare business. Catching all the vulnerabilities is no small task for any size organization.
How do you cope? Here’s a regimen of preventative care:
Start by educating staff – A recent study featured in HealthData Management suggests your organization can decrease security risk by as much as 70% by increasing awareness of the pivotal role employees play:
Prioritize spending in your technology plan
Feeling overwhelmed? An IT Managed Services Provider (MSP) that specializes in healthcare firms can help you develop and direct your security plan, including response. Ask your MSP these questions to assess readiness.