As the healthcare industry accelerates into an increasingly digitized world, cyber breaches exposing confidential patient data are becoming more commonplace. In fact, according to the Department of Health and Human Services’ Office for Civil Rights’ breach portal, a staggering 44,993,618 healthcare records were exposed or stolen in 2021.
The implications of these security breaches are significant; they threaten not only health data integrity, but patient confidence in the healthcare system overall. One survey found that about half of consumer respondents were more likely to trust companies that reacted quickly to breaches or disclosed hacks of data to the public.
As a result, healthcare systems and companies becoming more proactive in safeguarding the data of their patients will be vital to the future of healthcare.
The Need to Prioritize Data Security
From patient data becoming more complex to security breaches becoming easier to conduct, it is paramount for healthcare executives to prioritize data security. Healthcare systems and companies possess data with an abundance of details on patients’ protected health history information, personally-identifying information and financial information.
This data alone makes healthcare systems especially susceptible to targeting. Furthermore, cyberattacks have gradually become easier to execute through tools such as malware-as-a-service, botnets and distributed denial of service.
Related: Hacker Used Malware to Delete 69,000 Patient Files at San Juan Regional
The accessibility of malware is only further facilitated by an increase in hospitals’ third-party partnerships, which serve as an additional entry path to data.
Lastly, the aftermath of cyberattacks poses a tremendous financial burden on healthcare systems and organizations. According to IBM Security’s 2020 data breach cost report, the average data breach cost healthcare organizations $7.13 million.
The impact of these breaches also extends to patient care; on average, a data breach at a non-federal acute-care inpatient hospital was associated with an additional 23-36 deaths per 10,000 acute myocardial infarction discharges per year.
Security Strategies to Take into Consideration
Fortunately, there are several measures can consider when implementing a security strategy that will prevent these pernicious attacks.
First, healthcare systems can ensure that their partner third-party healthcare organizations have protective measures against current cyber threats through trusted programs.
AICPA and HITRUST’s collaborative assurance program known as SOC 2 + HITRUST, for example, is a more reliable assessment than compliance with one or the other. Achieving this standard demonstrates an organization’s prioritization of the security, integrity, confidentiality, and privacy of the data it possesses.
Information Security Executives can also work to confirm that information technology suppliers are fully compliant with the HIPAA and HITECH laws, which establish provisions for securing confidential medical information.
Second, many healthcare systems use obsolete software that exacerbate their vulnerabilities to cyberattacks. By adopting and investing in modern Health Information Technology infrastructure, systems can minimize the potential for significant damage.
This also involves implementing more general data security measures, including encryption of all healthcare data stored, data recovery mechanisms, two-factor login authentication, and comprehensive workforce security training programs.
Formulating a complete security incident response plan with steps to identify, stop and evaluate a threat is also imperative to containing an imminent breach.
The Future of Healthcare Depends on Improved Data Security
Admittedly, organizations cannot be 100% protected from security threats. However, by prioritizing modern software and suppliers that share a zeal for information security, health systems can minimize their vulnerability relative to their competitors.
Although this may take a significant investment of resources, these investments also carry a significant ROI in terms of both dollars and improvement of the general public’s trust in healthcare systems.
Brian Foy is the Chief Product Officer at Q-Centrix, where he leads the product development and engineering teams, helping hospitals manage people and data to achieve measurable improvement in quality scores.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply