Data breaches – this topic has been covered a lot here. That’s because it is so prevalent and is constantly haunting big and small healthcare providers across the U.S. In 2019, a whopping 40 million people were affected by healthcare data breaches. To put this in perspective, 14 million people were affected in 2018, according to healthcare data breach statistics.
A recent study has also shown that 2019’s numbers were higher than the 2015 data breaches where over 113 million records were exposed. The report from the study emphasizes how over 400 organizations experienced breaches consisting of more than 500 patient records. Even though some providers are working to increase security, they are finding it challenging to stay ahead of the curve.
The reported data breaches increased by 38 percent from January to October 2019, compared to 2018. More than 429 organizations reported breaches, which is considerably higher than the 371 organizations reporting data breaches in 2018.
The result?
40 million people were affected by these data breaches, and these are the data breaches that were actually reported. However, the aforementioned study claimed that more than 480 organizations would be affected by data breaches in 2019.
Hacking has consistently been the main cause of data breaches since 2016. However, hacking stole the spotlight in 2019, with 59 percent of the reported data breaches a result of hacking.
Another tool used by cybercriminals is email.
Stolen medical records often contain sensitive information of the patients – their medical history, their medications, test results, names, addresses, and so on. The hackers usually sell this information on the black market where buyers assume the identities of the affected patients.
Patients can serve hospitals with lawsuits for not protecting their sensitive data. Some patients spend a lot of time having their medical records fixed, which is costly for the patients, the hospitals, as well as the insurers. It is a loss for everyone involved.
What can hospitals do?
While data breaches cannot be stopped so easily, thankfully medical identity theft can be prevented. This is where RightPatient comes in – it locks the medical records of the patients with their biometric data and also attaches a photo to the medical records. Even if the medical records are stolen, the patient data will remain safe. If a person attempts to assume the identity of a patient, RightPatient immediately red flags the user and lets authorities know, preventing medical identity theft in real-time. Healthcare providers are protecting millions of patient records with RightPatient, mitigating losses, improving the revenue cycle, preventing being a part of healthcare data breach statistics, and enhancing patient safety – are you one of them?
Healthcare Data Breach Statistics show 40 Million Patients were affected in 2019 | Matt Gibson | 2020-05-19 07:43:38 | 2020-08-10 07:28:46
As per the Health Information Technology for Economic and Clinical Health Act (HITECH) requirement, breaches that expose protected health information (PHI) affecting 500 or more individuals must be listed. The Breach Reporting Tool of the Health Insurance Portability and Accountability Act (HIPAA) reveals that 26 new incidents were added to the portal at the end of March 2020. These incidents are all related to healthcare data breaches.
The security incidents in the portal list are currently under investigation by the Office for Civil Rights (OCR). It has been reported that out of 26 incidents, 13 were caused by hacks or other IT-related incidents, affecting 338,334 individuals. Other noteworthy healthcare data breaches affecting 44,592 individuals were caused by theft, loss, and unauthorized access or disclosure of information.
Healthcare data breaches have had a sustained impact on the quality of care delivery and have made healthcare providers more prone to medical identity thefts. Healthcare data breaches are becoming a pressing concern for providers and there’s no sign of the data breaches slowing down.
How do criminals capitalize on stolen personal health information?
Personal health information (PHI) is any information or data entry that can identify an individual. PHI includes sensitive information such as names, addresses, Social Security or Medical Insurance numbers, information about beneficiaries, financial details including account numbers, and diagnostic images. This type of information can be created or collected by your health plan providers, employers, healthcare providers, or other healthcare entities.
Medical records are not only highly sought after by criminals but are highly desired on black markets too. This kind of information can sell for as much as $1000, depending on how much of the victim’s information is available. Cyber thieves and criminals can later use stolen healthcare records to plot illegal schemes, such as medical identity thefts.
How can healthcare providers mitigate negative outcomes?
Healthcare data breaches and medical identity thefts are wreaking havoc on revenue cycle management of hospitals by increasing operational costs and negatively impacting patient experience.
To reduce the risk of healthcare data breaches, hospitals need to implement adequate security measures as per the HIPAA Privacy and Security Rule requirement. In addition to the Security Rule, covered entities are required to issue notifications to affected individuals in the event of breaches to unsecured protected health information, as per The HIPAA Breach Notification Rule. Healthcare providers can use a HIPAA compliance management solution to simplify their administrative operations.
When hospitals adhere to the HIPAA rules effectively, it means they are using appropriate safeguarding measures to keep their protected health information secure. As a result, their networks and devices will have increased protection from cyber attackers and hackers.
To prevent medical identity thefts, hospitals can simply use a biometric patient identification platform such as RightPatient.
How can RightPatient prevent medical identity thefts?
RightPatient is a biometric patient identification platform that locks patients’ medical records. During registration, the patient just needs to provide their biological data such as iris patterns or facial photo, and the platform will use this data to lock their medical records. Next time when the patient arrives at the care continuum, all the patient needs to do is just look at the camera and the platform will accurately identify the individual and bring up their medical records.
This platform prevents fraudsters from illegally accessing medical records by encrypting sensitive information using the patient’s biological characteristics. A fraudster will not be able to simply walk in and use stolen PHI to receive medical services or benefits.
By using RightPatient, leading hospitals will have improved patient experiences and healthcare quality and will also reduce the number of denied claims, from which hospitals lose millions of dollars each year.
It is forecasted that the Global Healthcare Biometrics market will reach a market value of $5.8 billion by 2025, at an expected CAGR (Compound Annual Growth Rate) of 19.3% (2017-2025). Implement RightPatient now and stay ahead of the curve.
Healthcare Data Breaches can lead to Medical Identity Theft | Ryan Stephens | 2020-05-07 18:16:02 | 2020-08-10 07:28:22
As harsh as it may sound, employees getting fired for accessing medical records without any malicious intent is very common. More than 4.5 million records were compromised in unauthorized access or disclosure incidents caused by employee errors, negligence, and acts by malicious insiders in 2019, according to the HIPAA data breach statistics report. Thus, providers need to find strategies to protect patient data better.
In 2019 Northwestern hospital dismissed nearly 50 employees for accessing a celebrity’s medical record without consent. Recently mentioned in another similar series of unfortunate events is the Hawaii Pacific Health in Honolulu.
Hawaii Pacific Health discovered that an employee had erroneously accessed patients’ medical records. As a result, 3772 patients’ records may have been compromised, according to the HHS Office for Civil Rights data breach portal. The employee who worked at Straub Medical Center was later terminated. The organization believes that the employee only acted out of curiosity and did not intend to embezzle their identities.
Consequences associated with compromised medical records
Medical records that may have been compromised include name, addresses, phone numbers, email addresses, dates of birth, religion, race/ethnicity, Social Security numbers, medical record numbers, primary care providers, dates of services, appointment notes, hospital account numbers, department names, provider names, account numbers, and health plan names.
Nevertheless, accidental disclosure of sensitive personal information may lead to severe consequences, and lead to medical identity theft or even worse. If it falls into the wrong hands, this information can be used for theft or personal gains. The culprit may also fraudulently obtain medical benefits or sell this information to third parties, who may then misuse them.
Patient data breaches have had a sustained impact on the healthcare organizations plagued by them. Patient trust is the driving force for effective and quality clinical practice. When an incident similar to the one at Hawaii Pacific Health occurs, it will cause financial and reputational losses to medical service providers. On the bright side, Hawaii Pacific Health will provide the affected patients with free credit monitoring and identity restoration services for one full year. However, as data breaches make hospitals more vulnerable to identity theft, hospitals will again face an increasing administrative burden.
What can the healthcare providers do to protect patient data?
Currently, Hawaii Pacific Health is looking for alternatives and is willing to invest in technology. Technology can help prevent repercussions, such as medical identity theft. Nonetheless, compromised data can be easily safeguarded with a biometric patient identification platform that prevents unauthorized access.
RightPatient has been serving several healthcare providers and medical institutions to avert repercussions like illegal access to patient data, and ultimately preventing medical identity theft. RightPatient is the most advanced biometric patient identification platform that can protect patient data by preventing inappropriate access to patient medical records.
How does it work?
During registration, patients will need to provide their biometric information (facial photos, irises, fingerprints) to the hospital. With the help of biometric encryption technology, patients’ medical data will be kept locked and secured. The next time patients come to receive medical services, all they need to do is look at the camera or perform a fingerprint scan to unlock their data in seconds. This technology automatically prevents illegal access to medical records, as to access the data, you will need the patient’s authentication.
When all is said and done
There is no doubt that the patient’s medical record should be kept confidential, but the crux of the matter is that human errors are inevitable. Hospitals should be aware and willing to invest in technologies that can prevent more damage and open the door to more opportunities for quality health service.
Employees Can Compromise Medical Records - How Can Hospitals Protect Patient Data? | Matt Gibson | 2020-04-16 15:13:37 | 2020-08-10 07:26:40
The following is a guest post submitted to RightPatient on improving cybersecurity in healthcare.
When healthcare first started to go digital, the problems were largely related to mechanical reliability. Computers weren’t so reliable, and there was no internet to really bring them together. Keeping hard backups was really the biggest concern.
Yet that’s changed considerably in the past decade. Nearly all healthcare providers store at least some of their records online. As a result, there are fewer opportunities to completely lose a patient’s records and collaboration among practitioners is becoming considerably easier. Conversely, the chance of having records stolen is dramatically increased.
The rapid digitization of healthcare has pushed many providers to improve cybersecurity.
Both for space and for purposes of preservation, healthcare practitioners are doing what they can to cut down on the rooms filled to the brim with patient files. Instead, that information is stored on servers, both onsite and offsite. There’s less room for losing physical files, patient information can be located and sent faster, and providers can more easily see a complete history.
This centralization is certain to improve patient outcomes but it comes with the risk of creating major “honey pots” for hackers and thieves. Rather than stealing file folders, these cybercriminals only need to breach a single database to acquire hundreds, if not thousands of patient records.
The only recourse is to improve cybersecurity measures to help reduce or avoid breaches entirely. Otherwise, patients (and we’re all patients, including providers) face the risk of identity theft or worse.
Not everyone realizes that maintaining cybersecurity that meets current procedural standards is actually the law. HIPAA compliance doesn’t just extend to patient confidentiality in person, but also applies to information stored digitally.
Those in practice that do get hacked face stiff legal penalties, particularly if they are shown to be taking inadequate care in preserving their patient records safely. Although state requirements vary, there are a few basic requirements both for minimizing liability and for complying with the law:
• At least two hard copies of records need to be maintained, one of which is stored offline
• Digital records must have copies stored online
• Health care providers must perform risk assessments and provide security measures that are adequate* to minimize risks to patient information and privacy
*Note that what constitutes “adequate” seems to vary and the requirement is generally vague at best.
Breaches are Increasingly Common
Earlier we discussed that 2016 was a year that featured over 300 major cybersecurity breaches in the healthcare industry. What’s important about that value is that it represents an over 20 percent increase in the number of hacks as compared to the year before, which numbered in the mid-200s.
Far from becoming less frequent and more controlled, data theft is actually on the rise. And the cost of theft isn’t getting any cheaper either. Research done by the Ponemon Institute continues to show yearly increases in costs to providers as a result of cybersecurity woes.
At present, there doesn’t seem to be any indication that the number of breaches or the cost per incident is likely to decrease through 2017 or beyond.
Most predict a continued increase in cost.
Private Practices Are Favorite Targets
The victims of data theft aren’t just major hospitals or data centers. In fact, private practices face just as many, if not more risks than do large institutions. Small practices tend to have a considerably lower budget for cybersecurity and thus are actually more vulnerable because it’s just that much easier for hackers to force their way in.
Private practitioners and their patients would be wise to heed this warning and take steps to minimize the inevitable fallout that comes with data theft. Not taking the risk seriously could prove devastating particularly for offices with just a single doctor on staff.
BYOD Also Means BYOP
One last addition both to healthcare and standard businesses that presents a major risk to patient records is the so-called “Bring Your Own Device” (BYOD for short) policy. This procedure has grown in popularity because many employees own devices that are far more capable than those being provided by offices.
But BYOD can quickly become a BYOP (bring your own problems) policy if not handled appropriately. Employees rarely maintain security on their personal devices in a way that sufficiently protects the businesses they work with.
Employers would be wise to implement security requirements for their workers in the form of locked devices and security software. That means both anti-malware apps (for preventing infected software from being installed) and internet security apps, with Virtual Private Networks (VPNs) increasingly the most important due to the number of hacks that involve direct invasion of unsafe connections.
Solving the Problems
Putting a stop to security breaches isn’t likely something that will happen overnight. But it is something we should all be cognizant of enough to begin minimizing risks. Nothing replaces vigilance and there may not ever be a catchall solution to cybercrime.
The cost of negligence may be more than we can imagine. And with insurance premiums up and healthcare costs continuing to rise, this is one bill we can’t afford to pay.
How will you help healthcare improve its cybersecurity? Do you have any concerns? Tell us in the comments.
About the Author: Faith is a cybersecurity expert and technology specialist. As a professional and patient, she is interested in helping businesses maintain more secure environments for the safety of themselves and those they serve. With medical hacks on the rise, Faith finds herself speaking out on the topic of patient records often.
5 Reasons Why Health Care Needs Better Cybersecurity | John Trader | 2017-04-24 03:00:26 | 2024-08-28 10:09:53
The proliferation of data breaches along with the rising pressure to more effectively safeguard protected health information (PHI) in healthcare is fueling growth in the adoption of single sign-on (SSO) solutions. Designed to relieve the burden of password management while providing a more convenient mechanism for users to access their computer or the network, SSO solutions offer distinct advantages over traditional passwords including:
Providing an air-tight security mechanism to authenticate users gaining access to network resources
Reducing IT support costs associated with password management and help desk overhead
Minimizing the risk and cost of enterprise data theft from users inside the firewall
Supporting regulatory compliance (HIPAA, Sarbanes-Oxley, etc.) with improved security
Leveraging existing network infrastructure for faster deployment
Allowing users to quickly lock and unlock their computers with a single proximity card swipe or biometric scan
Our latest podcast with Ray Madril from Healthcast discusses the importance of adopting single sign-on (SSO) technology to increase patient safety and patient data security in healthcare.
To dig a little deeper into the importance and urgency of adopting SSO solutions in healthcare, we contacted Ray Madril of Healthcast and scheduled a podcast session to tap into his knowledge and covered the following topics:
An overview of the current health IT data security landscape and why establishing a secure single-sign-on credential is now considered mission-critical for the healthcare industry
The impact data breaches have on the healthcare industry and how a strong SSO solution prevents breaches and their damaging effects
How the implementation of an SSO solution impacts provider workflows and why this is important to patient safety
E-prescribing is changing healthcare by demonstrating that health IT has become a critical component for the efficient delivery of medicine and cost-effective patient treatments. What role does a secure SSO solution have to support efficient and secure EPCS?
The different form factors for SSO solutions and the impact of using biometrics such as a fingerprint with an SSO solution to ensure patient safety
How a successful SSO implementation increases patient safety
Download a copy of the SSO in healthcare podcast and listen to it on the go! Have a friend or colleague that you feel would benefit from the podcast on adopting SSO for stronger data security in healthcare? Please forward them the link.
Have an idea for a podcast? Submit your entry to: jtrader@rightpatient.com along with a suggested guest for the topic.
New Podcast Addresses Importance of Single Sign-On (SSO) Tech in Healthcare | John Trader | 2015-12-01 15:44:38 | 2021-06-30 13:40:17