Preventative Care against Data Breaches for Healthcare SMBs

February 14, 2017

Overall, the number of known data breaches increased 40% in 2016 compared to 2015, according to an Identity Resource Center report. The healthcare sector alone suffered hundreds last year, making it the industry most at risk in our nation, per both the Ponemon Institute and Trend Micro. Some security consultants estimate that one in every 10 U.S. healthcare organizations suffered at least one data breach during the past two years.

Why healthcare? Because every healthcare business collects sensitive patient data, including Social Security numbers and payment information. Small providers and other small to mid-size healthcare practices can be easier to hack than big insurers. In 2016, nine of the top ten healthcare data breaches happened at providers of some kind. Based on data from mandatory HIPAA compliance reporting, the average cost of those breaches is estimated at between $2.2 million and $4 million.

Complicating the matter is human error. People make mistakes – losing a thumb drive, a laptop or a hard drive. They use simple passwords and don’t change them. They accidentally let in malicious programs by clicking on a link in an email that seems authentic, or on a popup. In a healthcare operation, human security gaffes can drain as much as 4% of revenue.

Technology also creates gaps. Unsecured devices have network access. When backup systems and databases become outdated, they’re easier to hack. And viruses and malware evolve continually, making it harder for healthcare SMBs to stay current.

And then there’s the laborious process of vetting the security practices of the expanding constellation of vendors, contractors and business associates orbiting any modern healthcare business. Catching all the vulnerabilities is no small task for any size organization.

How do you cope? Here’s a regimen of preventative care:

Start by educating staff – A recent study featured in HealthData Management suggests your organization can decrease security risk by as much as 70% by increasing awareness of the pivotal role employees play:

  • Educate all employees on all data security rules. Only 46% of companies require this type of training, and only 60% require it after a breach.
  • Regularly remind staff to use strong passwords that shouldn’t be shared.
  • Hand out and hang up examples of suspicious emails that look legitimate.
  • Reward employees for being proactive about security. And consider penalties.
  • Hold a series of small lunch-and-learns where a cyber security specialist walks employees through best practices and answers questions.

Prioritize spending in your technology plan

  • Don’t skip basic steps like up-to-date protection software and a trusted firewall.
  • Check whether your antivirus suite includes a password generator, and teach employees to use it.
  • Secure and encrypt access points to data – mobile devices, the network, emails and documents.
  • Limit where and when employees access sensitive data to keep out hackers.

Feeling overwhelmed? An IT Managed Services Provider (MSP) that specializes in healthcare firms can help you develop and direct your security plan, including response. Ask your MSP these questions to assess readiness.

ITinflections is a blog covering a wide range of technology articles about IT in the workplace, focusing on small- to medium-sized businesses.