
Security Newsletter – July

A recent study by the Ponemon Institute (PI) found that roughly 90% of healthcare organizations have been impacted by a data breach. While most of those participating in the study reported that data breaches impacting their organization were small in nature (fewer than 500 individuals), the overall impact to the healthcare industry is estimated to be slightly more than $6 billion. With a multitude of attack vectors confronting healthcare organizations, including business associates, the PI study participants cited a surprising top security concern: employee negligence.

Inattentive and careless actions by employees, such as clicking e-mail links, downloading infected files, and having weak passwords, create more data breaches for healthcare organizations than any other threat. Some recently reported data breaches resulting from employee negligence include:

  • Oneida Health Center Dental Clinic – Unencrypted flash drive stolen
  • Wyoming Medical Center – Employees click on link in phishing scam email
  • Children’s National Health System – Misconfiguration of File Transfer Protocol (FTP)
  • EqualizeRCM Services – Unencrypted laptop stolen with unknown number impacted
  • Vail Valley Medical Center – Employee copies records and takes to new employer

Has your organization created an environment where the privacy and security of protected health information (PHI) is a priority for all workforce members, one that is more than just a compilation of policies and procedures, and that positions employees to succeed in managing the privacy and security of PHI? Providing employees with tools and education for the protection of the privacy and security of PHI can only have a positive impact on your organization and limit the possibility of a data breach that could cost the organization millions of dollars. Be sure to include these key steps to help workforce members safeguard and protect PHI:

  • Provide regular and pertinent education and guidance on privacy and security
  • Limit workforce members' access to only what they need to satisfy job requirements
  • Create clear communication processes for all security concerns and potential data breaches
  • Ensure your workforce knows and understands your policies and procedures for privacy and security of PHI
  • Require strong passwords to access systems that contain PHI and change passwords regularly
  • Implement proper safeguards such as encryption to protect data stored on laptops and other portable devices

Healthcare Horizons’ employees receive annual HIPAA training and monthly security awareness bulletins to keep these issues at the forefront of our business.