Healthcare entities have treasure troves of valuable data in their files. That typically includes everything from patient Social Security and bank account numbers to confidential HIPAA-protected information.
So it is no wonder that compared to other industries, the healthcare sector experiences twice as many attempted cyber attacks. What is astounding, however, is that fewer than 30 percent of healthcare entities implement the core components of a comprehensive cybersecurity program.
Mitigating a breach after the horse has already left the barn can be extraordinarily expensive and trigger a multitude of unanticipated events. When a healthcare provider suffers a data breach, there are often HIPAA violations that result in stiff penalties. But those may be the least of the financial consequences.
Forensic investigators may need to be hired to ascertain what enabled the breach. Timely notification must be sent to any patient who may have been adversely impacted. The provider may find itself entangled in lawsuits, and the legal fees can dwarf revenues. Special cybersecurity consultants will likely have to come aboard to help ensure that there isn’t another similar incident. Then there is the untold damage to a healthcare provider’s brand and reputation.
In November of 2018, the HIPAA Journal published results of a research project led by Johns Hopkins and Michigan State University. Researchers analyzed almost a decade of data breaches that were reported to the Department of Health and Human Services. One of the more surprising discoveries was that the majority of the issues weren’t caused by criminal cyber attacks. They were due to internal healthcare organization negligence.
That means that healthcare facilities have the power to control most of these damaging threats. But they have to be proactive about implementing internal safeguards. Those actions are not necessarily expensive, labor-intensive, or complicated. On the contrary, many reduce overhead and labor while simplifying front office procedures. They include such relatively easy steps as using encryption software and cloud-based systems; transitioning to digital record keeping; and doing a better job of reconciling, reporting, and auditing.
Healthcare providers need to have an action plan to respond to cybersecurity incidents, and it should be based on recommendations from the National Institute of Standards and Technology. The American Hospital Association also recommends that healthcare facilities check their insurance policies. Coverage should be sufficient to protect organizations from financial losses caused by cyber attacks.
But prior planning can help to preempt a cyber attack or breach. Labor-saving payment platforms, for instance, can provide data encryption and tokenization, along with HIPAA and PCI compliance technologies. They also offer the valuable benefit of accelerated payment cycles and less paperwork that is vulnerable to human error. Internal reporting and analysis become easier, more flexible, and customizable – and those reports can be safely shared with third parties such as CPA firms or industry regulators. An all-inclusive system can optimize the entire process, while making life easier for both staff and patients.
Instead of healthcare entities always being on the defensive, they can regain confidence and control. The right technology and smart, proactive measures can enable them to get back to what they do best: delivering quality care.