A recently released report from Verizon shows 58% of healthcare systems breach attempts involve inside actors, making healthcare the current leading industry for insider threats. Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR) reveals patients’ medical records and medical histories, treatment plans, and identities were the focus of the healthcare record breaches. Ransomware, malware, and stolen laptops were among the top tactics thieves used to access the personal information and records of patients.
The study is based on information from 2016 and 2017 regarding 1,369 incidents spanning 27 countries. A healthcare organization has a responsibility to its patients to not only care for their physical needs but also to protect their identity and private records. Because nurses are on the front lines of these facilities, it’s important they know key ways to protect their patients’ information.
Challenge With Healthcare Security
As with most industries in the U.S., more healthcare facilities are transitioning to digitally based platforms. The challenge is that the security of these platforms is not advancing at the same rate as the tools themselves. In addition, more than half of the attacks on personal information are done or caused by a person within the organization. And some 42% of inside attackers use their secured credentials or steal those of a coworker to access confidential data.
“Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workforce Survey on Cybersecurity,” a study from Accenture, found that 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000.
How To Stop A Healthcare Data Breach
With the same voracity that healthcare organizations instruct nurses, doctors, and other staff to care for patients, they must invest in strengthening their digital security. Using a verification system for all login attempts and making changes within the clinic can help reduce the number of breaches yearly. Here are some in-house changes to make immediately:
- Secure Email System: Many ransomware and phishing attacks are made through healthcare system email environments. Deploying email security architecture will help guard against an external attack.
- Analytics and Logging: SIEM, log analytics, and data intelligence systems analyze logs and locate irregularities in data patterns. With this information, you can spot security weaknesses.
- Test Systems: Breaches don’t come with forewarning. Because you don’t know when there is lingering danger, you need to test your digital security systems regularly.
- Good People: The best of security systems won’t run well without strong hires and properly trained employees. Schedule ongoing training for your administrative staff so employees know how to recognize possible breaches.
Avoiding risk, containing a breach, and having a plan of action if a breach does occur are necessary parts of your digital security plan. Most importantly, work with your team to prevent and quickly detect a security breach.