• IT intelligence from a national leader.

  • IT intelligence from a national leader.

  • IT intelligence from a national leader.

Involta Blog

Don't Be Another Healthcare Headline - Protect Yourself Against Breaches

Sometimes it is exciting to read about your company in news headlines….sometimes it isn’t. It is not exciting to have your company in the news because something bad has happened and it definitely doesn't sit well when your company becomes part of an public, online list because of that something bad.

But that…and more…is what happens to healthcare organizations that have had breaches happen to their IT environment. However, you probably already know this because chances are your company may have already experienced a breach. Just last year there were 477 healthcare breaches reported to the U.S. Department of Health and Human Services (HHS) affecting over 5 and half million patients. This year isn’t much better. A recent Ponemon Institute survey has revealed 62% of healthcare organizations have experienced a data breach in the past 12 months. More than half of those organizations experienced data loss as a result.

When it comes to breaches, healthcare isn’t like every other industry. The 2018 Protected Health Information Data Breach Report identified that most healthcare breaches come from internal actors not external factors. Things like human error and privilege misuse caused far more security incidents than hacking and malware.

Top Five causes of breaches in the Healthcare Industry

  1. Human Error
  2. Misuse
  3. Physical (i.e. theft)
  4. Hacking
  5. Malware

So how can you keep your name out of the headlines…and avoid a breach?

Educate: Create cybersecurity awareness and increase training across the organization and engage your board members on the implications of underinvesting in resources and tools. Ensure all stakeholders are involved in any Incident Response planning

Police: Have a strict Bring Your Own Device policy, policy agreements with vendors, and user identity and access

Act: Implement an integrated cyber defense platform rather than deploying a collection of point products and solutions. Keep systems patched, conduct annual HIPAA security risk analysis, assess vulnerabilities, and encrypt both data and hardware.