Posts Tagged ‘data breach’

Infographic: Is Your Healthcare Data Safe?

December 12th, 2016 by Melanie Matthews

Data loss from U.S. hospitals, urgent care centers, dental practices and clinics is reaching epidemic proportions, according to a new infographic from Safetica. Last year the confidential records of one in three healthcare patients in the United States were compromised. But what are the costs and causes of data breaches, and how can they be prevented?

The infographic examines the impact of data breaches, the cost of a data breach and a checklist to compare your organization’s data security practices against recent HIPAA case law.

Is Your Patient Data Protected?


Guest Post: 5 Ways to Protect Against Cyber Attacks

February 23rd, 2016 by Salim Hafid, product marketing manager, Bitglass

Cyber attacks like the recent hack of Hollywood Presbyterian Medical Center are on the rise.

Editor’s Note: Could the Hollywood hack happen to your organization?

The event had all the hallmarks of a Hollywood blockbuster, but this month’s assault by a hacker on Hollywood Presbyterian Medical Center (HPMC) was frighteningly real. The malware attack locked access to certain computer systems and prevented the medical center from sharing communications electronically, according to a statement by Allen Stefanek, President & CEO. The medical center paid the requested ransom—40 Bitcoins, equal to approximately $17,000—and restored its electronic medical record (EMR) system. There is no evidence at this time that any patient or employee information was subject to unauthorized access, Stefanek said in his statement.

The HPMC hack is only the latest cyber attack to plague the industry. In this guest blog post, Salim Hafid, product marketing manager for Bitglass, suggests ways organizations can safeguard themselves against these damaging events.

Data breaches in 2015 resulted in a massive 113 million leaked records nationwide, up from 12 million in 2014, according to Bitglass’ Healthcare Breach Report. This means that one in three Americans’ personal information was leaked as a result of cyber attacks. The increase suggests that hackers are increasingly targeting medical records, which contain a trove of valuable information including addresses, Social Security numbers, and patients’ medical history. As hackers become more sophisticated, IT must take steps to secure data both in the cloud and across all employee devices.

Given the rising threat of cyber attacks, healthcare organizations must be proactive when it comes to securing corporate data. Here are five ways IT can both protect healthcare data in the cloud and limit the risk of a large-scale breach:

1. Control access.

Cloud applications have made file-sharing and access to data easier than ever, but for all the flexibility these apps offer, there are risks to sharing files with unsecured, unmanaged devices outside the corporate network. Granular access controls are a critical piece of the security puzzle in that organizations need the ability to limit access in certain risky contexts. In the case of the Anthem breach for example—in which phished credentials were used in China, resulting in 78.8 million leaked records—access controls would have limited the damage.

2. Encrypt, track, protect.

The most sensitive data in an organization is often the most valuable to hackers. Files with customer Social Security numbers, addresses, and medical claims information are the targets of large-scale breaches. To secure data, IT needs a means to identify the files that contain sensitive content and apply Data Loss Prevention (DLP) to those files. Contextual DLP solutions enable IT administrators to distinguish between devices and set policies to encrypt, apply watermarks to track data, or even wrap files with digital rights management (DRM).

3. Secure BYOD.

As demand for bring-your-own-device (BYOD) in healthcare rises, organizations need to protect data on unmanaged devices without impeding user privacy. What is critical here is control over data as it travels to the end-user’s device and data that resides on the device itself. With features like selective wipe and native mail access, organizations can encourage adoption of BYOD while still protecting data and maintaining HIPAA compliance on these unmanaged devices.

4. Quickly identify potential breaches.

As healthcare organizations are now more likely to be targeted by hackers than ever before, IT needs the ability to quickly identify suspicious traffic and be alerted to potential risks. Administrators can leverage tools like cloud access security brokers to act on that information and limit sharing using the aforementioned access control capabilities.

5. Improve authentication.

Major breaches like Anthem and Premera, coupled with the low rate of single sign-on adoption across the healthcare industry, highlight the need for a more secure means of authenticating users. With an integrated identity solution, organizations can maintain control over the key access points to their data and can easily manage user account credentials with tools like Active Directory. Industry standards like single sign-on, multi-factor authentication, and single-use passwords can also help minimize risk of breaches due to stolen credentials.

These are just a few of the many ways healthcare organizations can better secure corporate data in public cloud applications like Google Apps, Box, and Office 365. In light of the massive year-on-year increase in breaches, securing healthcare data has never been more critical. Healthcare organizations need a HIPAA-compliant, comprehensive, data-centric solution that provides complete control and visibility over protected health information (PHI), a means of securely authenticating users, and BYOD security.

Download the Bitglass Healthcare Breach Report for more on the key capabilities necessary to protect healthcare data in the cloud and achieve compliance.

About Bitglass: In a world of cloud applications and mobile devices, IT must secure corporate data that resides on third-party servers and travels over third-party networks to employee-owned mobile devices. Existing security technologies are simply not suited to solving this task, since they were developed to secure the corporate network perimeter. The Bitglass Cloud Access Security Broker solution transcends the network perimeter to deliver total data protection for the enterprise—in the cloud, on mobile devices and anywhere on the Internet. For more information, visit bitglass.com

HIN Disclaimer: The opinions, representations and statements made within this guest article are those of the author and not of the Healthcare Intelligence Network as a whole. Any copyright remains with the author and any liability with regard to infringement of intellectual property rights remain with them. The company accepts no liability for any errors, omissions or representations.

Infographic: Healthcare Data Breaches

June 10th, 2015 by Melanie Matthews

The number of individuals affected by healthcare data breaches continues to rise, especially after recent “mega breaches” such as Anthem and Premera Blue Cross. In addition, hacking and other criminal attacks are being seen more and more within the healthcare industry.

A new infographic by CynergisTek looks at the number of people impacted by healthcare data breaches, the causes of breaches, the location of breached information and more.


Guest Post: Following Anthem Breach, 5 Preventive Steps to Protect Businesses Against Electronic Data Theft

February 19th, 2015 by Kevin Watson

Kevin Watson is CEO of Netsurion, a provider of cloud-managed IT solutions.


The country’s second largest health insurer, Anthem Inc., has confirmed it is the latest to join a growing list of major corporations to have suffered a serious data breach. Kevin Watson, CEO of Netsurion, outlines some of the consequences of stolen healthcare data and suggests five steps businesses can take to protect themselves from electronic data theft.

Unlike many companies hit by recent data breaches, Anthem was quick to publicly announce the breach, only days after discovering that personal information on as many as 80 million of its customers and employees had been stolen. In this case, it appears the hackers used rather sophisticated methods, managing to gather names, dates of birth, Social Security numbers, addresses and email addresses. Although it does not appear any medical information or financial records were exposed, the information that was taken is more than enough to steal the identities of the affected individuals.

For so long, the focus of data breaches has been on credit card data, as stolen credit card data can so readily be turned into cash or goods. However, with the increasing popularity of EMV (chip-and-PIN) credit cards, the prevalence of data breaches involving personal information may again rise to the forefront. This is especially true when one realizes the value of a stolen identity can often be far greater over the long term than the value of a stolen credit card.

If access to insurance plan information were to have been stolen along with identity information, data thieves would have a good indicator as to which identities were of higher value based on the value of the insurance plan. If thieves focus on the individuals with the highest plan costs, these are likely the people who are more established in their lives, have families, higher incomes and better credit, meaning their identities are worth even more on the black market.

This breach highlights that data security is not an issue limited to those processing credit cards. Businesses of all types must think of the type of information stored in their systems and realize they are only as secure as their weakest system. The following checklist outlines simple methods that can help protect businesses from electronic data theft:

1. Protect a Location’s Incoming Internet Traffic

The first step in stealing data is finding an avenue into the targeted business. All of a business’ data circuits and its Internet connections must be protected by a robust and adaptable firewall that shields the business from unwanted incoming traffic.

2. Implement Secure Remote Access

When permitting remote access to a network, it is essential that this access is restricted and secure. At a minimum, access should only be granted to individual (not shared) user accounts using two-factor authentication and strong passwords. Remote access activities should also be logged so that an audit trail is available.

3. Keep Anti-Malware Software Up-to-Date

It is critical to keep all anti-virus/anti-malware software up to date with the latest versions and definitions. The companies that make anti-malware software monitor threats constantly and regularly update their packages to include preventive measures and improvements to thwart malware seen in other attacks.

4. Update all Operating Systems as Security Patches are Released

Much like the makers of anti-virus/anti-malware software, designers of operating systems are constantly improving their software to prevent hackers from stealing data, especially if a criminal manages to bypass the built-in security. It is essential that the latest security releases and patches be installed on all systems.

5. Limit Outbound Internet Traffic

In addition to blocking unwanted traffic from getting into a location, it is always a good practice to selectively block outgoing traffic as well. Many modern breaches involve software that becomes resident on a company network and then tries to send sensitive data to the hacker’s system via the Internet. No system can completely prevent unwanted malware or viruses, so a good last line of defense is making sure secure data doesn’t leave the network without prior knowledge. The same firewall used in Step One should be configured to monitor outgoing traffic as well as incoming.

Netsurion is a leading provider of cloud-managed IT security services that protect small- and medium-sized businesses’ information, payment systems and on-premise public and private Wi-Fi networks from data breaches and other risks posed by hackers. Netsurion’s patented remote installation technology and PCI compliant cloud-based solutions simplify the implementation process and ongoing support. Any sized branch or remote office, franchise or sole proprietor operation can use Netsurion without the costs of onsite support. The company serves the retail, hospitality, healthcare, legal and insurance sectors.
