In the U.S., over 3.7 million people have medical devices connected to their bodies, and that doesn’t include the millions who use fitness bands. While these devices are useful and even critical for your well-being, are you sure the data from them is safe? With laws like HIPAA and HITECH in place, you would think your personal, sensitive information would be safe and confidential with your doctor, but as more technology is integrated into healthcare, the risk of data breaches has increased. While technology in healthcare is not a new concept, the rise of biometrics like facial recognition, fingerprint scans, fitness watch data, and even implanted devices makes the possibility of data breaches more personal.
The highest cybersecurity risks for the healthcare industry were listed by Clearwater as user authentication, endpoint leakage, and excessive user permissions.² Precautions that combat these issues include making sure only authorized personnel have access to certain information, maintaining strong passwords throughout the system, and keeping your computers up to date with all patches, security updates, and antivirus software. In 2018, 48% of data breaches were caused by malicious or criminal attacks, with human error coming in second at 27%.³ Whatever the cause, the precautions above help to prevent both kinds of breach.
According to the HHS, data breaches in the U.S. healthcare system cost a total of $6.2 billion in 2016, and 4 out of 5 physicians have experienced a cyberattack.¹ As seen in Figure 7 above, the 2018 cost per patient record in a data breach is significantly higher for the healthcare industry than for any other major industry, clocking in at $408 per record.³
There are many steps you can take to be proactive in cybersecurity. Figure 12 above shows which measures reduce the per capita cost of a breach when implemented, and which gaps in security add to the cost you pay when you get breached.³ Tactics like training your employees to spot red flags and teaching them cybersecurity best practices help to lessen the blow should a breach occur. The HIPAA Journal also released some best practices for healthcare cybersecurity, including:²
- Data protection and loss prevention
- Email protection systems
- Network management
- Medical device security
- Cybersecurity policies
- Endpoint protection systems
- Asset management