Author: Jennifer Rouse
Look to your left and look to your right. One of you will be the victim of a healthcare data breach this year. Shocking, right? According to the Ponemon Institute, over 94% of healthcare providers have experienced some sort of data breach, over 50% have experienced five or more data breaches, and in 2016 alone, over 112 million medical records were compromised.
Turn on the news any day of the week and you will hear debate after debate about the state of healthcare in the US and across the globe. As Darin Brannan, CEO of ClearDATA, puts it: “We are experiencing the Fourth Industrial Revolution, which is characterized by a range of new technologies that are fusing the physical, digital and biological worlds, impacting all industries. Healthcare is the lead industrial area in this revolution, and rapid digital transformation is one of the major catalysts for change in this industry.”
This brings about an opportunity for advancements in care, from speed of data for effective triage during emergencies to advanced DNA-specific medicines that would eliminate the numerous side effects of current drugs on the market. But as with everything good, there is a bad side as well, and in this case that is an ever-growing data security crisis.
Did you know that protected health information (PHI) is more valuable to cyber criminals than credit card numbers? The information in PHI includes data such as names, birth dates, social security numbers, insurance policy numbers, and even your personal medical record!
With this kind of massive data security crisis affecting an already taxed healthcare system, the government is starting to step in and slap huge fines onto violators. Recently, a healthcare network was fined $5.5M for a HIPAA violation. “We hope this settlement sends a strong message to covered entities that they must engage in a comprehensive risk analysis and risk management plan to ensure that patient data is secure.” – Jocelyn Samuels, Director of the Office for Civil Rights at the Department of Health and Human Services.
And it doesn’t stop there. Just this year, Anthem was ordered to pay $115 million to settle a class-action lawsuit stemming from a 2015 data breach in which the personal information of nearly 80 million members and employees was stolen. Although the breach was the result of an employee opening a phishing email, with the proper data security assessment and subsequent safeguards, the breach could have been prevented.
So, with all of this risk regarding PHI data, one would think that I would recommend securing it in a vault and not utilizing cloud or analytics software solutions. But it’s just the opposite. Cloud technologies are actually very secure, and you have the added benefit of accessing multiple types of data quickly and efficiently to make better and faster decisions. The fact is that both on-premises and cloud data storage systems are hackable. The onus is really on healthcare organizations to start investing in data security solutions and to continually adapt to new threats. With digital transformation comes risk, and accordingly, healthcare organizations need to increase spending on data security, monitoring, risk assessments, and ongoing mitigation.
If you are a healthcare provider, you’re probably an expert in healthcare, but not data security. My advice is to let data security experts handle that part while you focus on delivering the best (and fastest) care possible. To learn more about cloud data security, try this whitepaper: https://www.cleardata.com/7-myths-healthcare-cloud-security-debunked/.