One of the most compelling arguments for healthcare IT security comes from examining those that have experienced issues before you. More often than not, however, these stories get pushed to the side, written off as anecdotes and isolated incidents. For most industries, IT security is an afterthought, but the additional layer of HIPAA compliance and security concerns that come with being in the medical industry is particularly worrisome for some practices. Maintaining the security of patient data, avoiding unnecessary access, updating antivirus definitions and making sure to install security updates and patches are just a small portion of security. If you’ve written healthcare IT security off in the past with this excuse: Data exposure and security issues won’t happen to us. But the statistics are proving otherwise. Netiq’s 2015 Cyberthreat Defense Report is out and some of the statistics are looking a little scary. Don’t believe me? Check them out for yourself:
19% of healthcare practices reported a security breach within the last year. Cyberattacks can happen a variety of different ways, from lazy employees to lacking security. Across the board, industries are reporting an increase in detected incidents, and the healthcare sector is no exception.
12% of healthcare practices reported at least one known case of medical identity theft. 17,000 patient records are breached per day on average. That’s a lot of compromised data. It’s a lot of patients who would lose confidence in your practice. How do you avoid a breach? Make sure that your antivirus is up to date and that all operating system patches and updates are installed at your individual workstations and on your servers. Ideally, you would have a centrally managed Enterprise quality antivirus that could be updated by our IT partner.
74% of healthcare practices are not encrypting data on their mobile devices. 22% of breaches since 2009 were due to unauthorized access, with an additional 35%of breaches occurring as a result of theft of non-encrypted devices. BYOD is making security a top concern for healthcare providers that use mobile devices. Encryption and additional security measures like secure passwords and approved app usage is crucial for all healthcare providers.
91% of healthcare practices are using cloud-based services, yet 47% are not confident in the ability to keep data secure in the cloud. It’s important that when you move to a cloud-based service or software that you understand what measures they take to secure their servers. While we recommend the cloud for most of our clients, you need to do your diligence and make sure that the provider is reputable and invests heavily in security.
It’s hard to see where the risk lies when you’re caught in the day-to-day operations of your practice, but the statistics are clear and the risk is very real. Rather than being scared of these statistics, take them as a cue to start ramping up your IT security throughout your organization.