Why Healthcare Hacking is Profitable and How You Can Prevent It

For a long time, hackers concentrated on stealing financial data. Even as the digitization of financial transactions brought stringent security controls and regulations to safeguard those transactions, thieves found new ways to steal items such as credit card numbers and sell them on the dark web. Today, online criminals have shifted their attention to more valuable digital data, including your electronic healthcare records.

If you are asking why, the reason is that stolen financial information, while always marketable, sells cheaply. If you discover that a hacker has stolen your credit card number, you get in touch with your bank and cancel that card. And if somebody uses it to make unusual or large purchases around the country, your bank will cancel the card on its own and call to tell you about the activity. Although credit card theft is not going anywhere any time soon, it is not as lucrative as it once was.

Today, hackers are interested in healthcare records. To put this into perspective, a credit card number goes for $1, whereas anonymous online buyers will pay about $50 for each partial electronic healthcare record. Why? Because such information is highly valuable: the perpetrators can use your healthcare records to file fraudulent insurance claims, particularly for fake medical procedures at non-existent hospitals.

Demand for healthcare records is high, and supply is following suit. Since 2009, criminals, hackers among them, have stolen the health care records of over 120 million individuals in over 1,100 separate security breaches. The biggest hack in history, the Anthem data breach, has been well documented. Not long ago, Premera Blue Cross suffered a breach of financial and medical records that affected about 11 million individuals. Recent studies also show that the rate at which criminals are targeting leading healthcare companies is rising.

With danger looming around every corner, the question of how you can shield your business from a healthcare hack remains. Here are some measures that can help:

  1. Conduct a risk assessment. Before anything else, you need to know where your business stands before you can improve it. To do so, analyze these categories:

     Blocking and tackling: Focus on the basics. Consider whether you are understaffed, and know the state of your processes, policies, controls and reporting metrics. Also assess the executive support available for the security budget.

     Compliance: Identify the compliance frameworks in place that drive your security decisions.

     Risk-based analysis: Here you need multilayered security together with a risk-based method that can correlate events such as security incidents across your various business environments, then rank and respond to them through IT audit controls and dynamic information security.

  2. Review your customer and vendor agreements at least yearly. To protect your data, you need to understand your business associate relationships and your covered entity. The recent Omnibus rule revolutionizes the standards of information care, particularly for vendors in the healthcare sector. Make sure your counsel reviews all business associate agreements for compliance needs and conducts a self-assessment against the organization's requirements.
  3. Assign responsibility within your company for compliance management. If you are the victim of a breach, legal fines can reach $50,000 for each record lost. Make sure that someone within your organization takes on an InfoSec role. Beyond that, assign a separate security official to be in charge of developing and executing HIPAA policies and procedures; see HIPAA section 164.308(a)(2).
  4. Conduct security awareness training. Those responsible for security within your company must thoroughly understand the applicable compliance structures, such as HIPAA, as they apply to your own organization's security personnel and communications as well as to your covered entity relationships and business associates. In addition, engage a company that specializes in security awareness training to build a culture of security in your business.
  5. Institute a security framework. Pull everything together into an effective and sustainable network of security procedures and checks. This framework should include security monitoring and reporting, security engineering and operations, security governance, security optimization, and security policy.

The process at each of the above steps will vary with the maturity, structure, and size of your company. Regardless, your organization should implement strong network monitoring software and end-to-end encryption to prevent and detect a potential breach. A robust IT security structure gives you an established framework that protects your most valuable data throughout its lifecycle.

Author Bio

Ken Lynch

Ken Lynch is an enterprise software startup veteran who has always been fascinated by what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity's success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT.


This is an article provided by our partners network. It might not necessarily reflect the views or opinions of our editorial team and management.
Contributed content