Today’s business world has become a battleground. Behind the scenes, a never-ending war is being waged for control over personal and protected consumer data—and the healthcare industry is being hit the hardest.
Businesses from various industries have experienced their fair share of casualties, but few have seen the same level of focused assault that healthcare practices and insurance providers see each year from cybercriminals and hackers—and those attacks only seem to increase in frequency and impact from one year to the next.
In 2018, the healthcare industry had 15 million patient records compromised in over 500 separate breaches. This is three times the number of breaches that occurred in 2017.
In light of these attacks, as well as trends that suggest the frequency and intensity of such attacks will continue to grow, effective safeguards to healthcare security are essential for providers, insurers, and health business associates of any size.
Knowledge and preparation will be the two most important factors in the war against healthcare data breaches. Consider the following when anticipating potential cyberattacks.
- What types of attacks should you expect?
The most common external attacks are often phishing, ransomware, or malware that infiltrates healthcare networks through email or external device connections. Opening the wrong email or attachment on a network can create an access point for cybercriminals. Internal attacks may also be a threat, whether through identity theft or data breaches perpetrated intentionally by an employee, or through negligence. Sometimes, a healthcare data breach occurs simply because an employee misplaced a laptop or mobile device that lacked the technology to remotely wipe it before it fell into malicious hands. With the right precautions, a simple mistake does not have to become a multimillion-dollar regret.
- How can you protect against both internal and external attacks?
The key to healthcare security and to protecting against healthcare data breaches from both internal and external sources is a combination of technological protections and good training. Every healthcare organization should have a strong firewall and password-protected access granted on a strictly need-to-know basis. Restricting sections of the network to certain authorized personnel limits the number of access points to protected information and can minimize the damage a single breach can do. As for training, when employees fully understand the risks and how to prevent malware access, the network will be much more secure.
- What actions should you take if a breach does occur?
If the unthinkable happens and a breach is suspected, it is vital to take immediate steps to cut off any further access. The challenge with healthcare security is that the network must be constantly monitored, or a breach could go undetected for months or even years. With regular monitoring of the network and an experienced IT professional who knows what to look for, breaches can be detected early, and the damage can be minimized. Regardless, breaches must be reported immediately to the proper authorities, and steps must be taken to notify the affected parties. Research state laws and create a plan of action just in case, because the odds of being targeted are not as small as most doctors and nurses would like.
While the war against healthcare data breaches is ongoing, providers and other healthcare organizations can often encourage cybercriminals to back off, if their security is good enough and they prove enough of a challenge. Most hackers prefer an easy score, though there are never any guarantees. Maintaining strong healthcare security in a thriving practice is no small matter, but with preparation, research, and training—as well as a vigilant IT professional or two—it is possible.
Cybercriminals may be here to stay, but healthcare professionals can fight back. Despite a few losing battles along the way—and the last couple of years have been hard on many practices for several reasons—the war is not over yet. Most of the industry has recently taken steps to improve its level of technology, which includes updating protections and preventative measures. Healthcare practices and insurers may not be so vulnerable anymore in the coming year, and, as everyone knows, all it takes is a few good battles to turn the tide of any war.