Over 1.7 million health records were leaked in 2012. The largest breach hit the Utah Department of Health, whose server was hacked, exposing 780,000 records. Somehow, 59% of businesses still lack a security incident response plan.1 If you or your employees are basing cyber security programs on the following reasons, it’s time to reexamine your level of protection.
What We’ve Always Done Has Worked. Why Should We Change?
HIPAA laws and penalties have tightened over recent years due to high-profile, mass-scale breaches. The Omnibus Rule, passed in 2013, places the data holders (your company) in the position of “guilty until proven innocent.” This means you are assumed to be at fault for a security leak until you can prove your innocence.
Technology has also advanced over the years; data hackers’ methods have grown in sophistication and permanence. Many companies fall victim to ransomware schemes, where hackers hold companies’ secure data for ransom at high cost.
We Work off Someone Else’s Network and Electronic Health Record System. It’s Not Our Risk.
You and your organization are legally liable for all of the data you store on servers, digital systems, emails, filing cabinets, EMR/EHR, and more. Take proactive steps now to protect your employees and company from the growing risk of security breaches.
We Can’t Afford to Beef Up Security.
The average liability per PC is $48,843.2 Emory Healthcare misplaced 10 backup tapes, breaching 315,000 health records. At South Carolina HHS, an employee sent unencrypted PHI from a personal email account, resulting in 228,000 breached health records.
The penalties, destruction of company trust, and millions in fees are sobering reminders of situations that could be avoided. Health care company IT budgets should be 5% of revenue.
Isn’t Virus Protection Enough?
The best protection against security hacks is employee training. Build security in layers, such as regularly scheduled software and system updates, firewalls, email spam filtering, data monitoring, and cyber liability insurance.
I Already Have Insurance.
If your company already has cyber security insurance, review your policy annually. Are the limits still relevant? Are you comfortable with your level of exposure? Does the policy language address the most recent trends?
Reviewing your cyber security policy moves your company toward protecting against deficiencies and setting up long-term protection standards. We’re here to help along the way.
Many thanks to Kenneth Uptain at ACP Technologies for his valuable cyber security insight. For more information on ACP and completing a network security risk assessment, visit acp.us.com or contact him directly at 210-981-1398 ext. 2030.
2 Max Focus