Protecting patient health data is becoming a more pressing problem for health care organizations and their information technology departments. In 2017, 477 security breaches exposed 5.6 million patient records to external hackers and insider threats.[1]

The Ponemon Institute conducted a survey of health care organizations in 2016 and found 90% had experienced a data breach in the prior two years. Of those surveyed, 45% had experienced more than five data breaches in that time period.[2]

Patient data breaches are costly, averaging $2.2 million for a direct target breach and more than $1 million for a health care organization’s business partners.[3] Data breach costs are higher in the health care sector than in other industry sectors and involve the loss of sensitive data, including an individual’s name, Social Security number, medical records, and possibly financial data such as credit or debit card numbers.[4]

Many health care organizations have been reluctant to report cybersecurity breaches, fearing bad publicity and a loss of public trust. Both the Department of Health and Human Services and the FBI have noted a trend of health care organizations either not reporting or under-reporting external cybersecurity breach incidents.[5]

Ransomware attacks increased substantially in 2017 across all industries, including health care. To comply with requirements of the Health Insurance Portability and Accountability Act (HIPAA), which strives to protect sensitive patient information, the Department of Health and Human Services now requires health care organizations to report ransomware attacks.[6]

Although breaches, malware and ransomware threats are increasing, insider threats remain an ongoing challenge facing health care organizations. Insider threats are the result of errors, inappropriate use of patient data, and deliberate wrongdoing. Insider threats are harder to catch and in some cases they have gone undetected for years.

Many health care organizations are developing rapid response plans to limit the damage and cost of data breaches. The use of encryption, data analytics and employee education programs also are proving effective in reducing breach incidents and costs.[7]

[1] “5.6 M Patient Records Breached in 2017, as Healthcare Struggles to Proactively Protect Health Data,” press release issued by Protenus on its 2017 Protenus Breach Barometer report, Jan. 23, 2018. Available at: https://www.protenus.com/press/press-release/56m-patient-records-breached-in-2017-as-healthcare-struggles-to-proactively-protect-health-data

[2] “3 critical steps to better protect patient health information,” by Anupam Sahai, Health Data Management blog, Nov. 20, 2017. Available at: https://www.healthdatamanagement.com/opinion/3-critical-steps-to-better-protect-patient-health-information

[3] “3 critical steps to better protect patient health information,” by Anupam Sahai, Health Data Management blog, Nov. 20, 2017. Available at: https://www.healthdatamanagement.com/opinion/3-critical-steps-to-better-protect-patient-health-information

[4] “Healthcare Data Breach Costs Fall to $380 Per Record,” HIPAA Journal blog post, June 21, 2017. Available at: https://www.hipaajournal.com/healthcare-data-breach-costs-2017-8854/

[5] “Insiders, hackers causing bulk of 2017 healthcare data breaches,” by Jessica Davis, Healthcare IT News, Aug. 4, 2017. Available at: http://www.healthcareitnews.com/news/insiders-hackers-causing-bulk-2017-healthcare-data-breaches

[6] “Insiders, hackers causing bulk of 2017 healthcare data breaches,” by Jessica Davis, Healthcare IT News, Aug. 4, 2017. Available at: http://www.healthcareitnews.com/news/insiders-hackers-causing-bulk-2017-healthcare-data-breaches

[7] “Healthcare Data Breach Costs Fall to $380 Per Record,” HIPAA Journal blog post, June 21, 2017. Available at: https://www.hipaajournal.com/healthcare-data-breach-costs-2017-8854/

This news is provided as a service to you by Marlin Business Services Corp., a nationwide leader in commercial lending solutions for the U.S. small business sector. Marlin’s equipment financing and loan programs are available directly and through third-party vendor programs, including manufacturers, distributors, independent dealers and brokers, to deliver financing and working capital that help build your success.