Health plans are top targets for cyber attacks. Fortunately, more are taking steps to prevent a data breach.
Crime dramas on TV are prolific and popular. Breaking Bad, The Wire, CSI, NCIS, Criminal Minds, Law and Order, and True Detective all play on our fears and often feature fascinating villains and dazzling technology. But cybercrime in healthcare is not entertaining. It’s deadly serious.
The Ponemon Institute’s 5th annual privacy and security report fingers criminal attacks as the number one cause of data breaches in healthcare, underscoring the seriousness and prevalence of cyberterrorism and the critical need for cybersecurity.
More than 90% of healthcare organizations and almost 60% of their business associates have experienced a data breach. Virtually 80% of healthcare organizations have experienced multiple breaches since 2010. According to the Office for Civil Rights (OCR), theft accounts for almost half of all cybercrime in healthcare. While credit card records are worth $1 on the black market, healthcare records command 5 times as much, because the rich data provides fertile ground for fraud.
Cybercrime occurs across the board in healthcare, but payers may be particularly susceptible because when criminals hack into an Anthem or Premera they open the floodgates to millions of records and data points almost instantaneously.
The Ponemon report showed that half of healthcare organizations and business associates have little or no confidence that they can prevent a data breach. While I acknowledge healthcare organizations cannot totally eliminate all risk of an incident or data breach, I am encouraged that more are proactively reducing their risk of a cyberattack or breach in a variety of ways, including:
· Beefing up privacy, security and compliance staffing, including in the C-suite, where chief information security officers are advocating for appropriate funding
· Creating, implementing and monitoring stringent policies and practices, including role-based access so staff can only view information on a “need to know” basis
· Conducting annual risk assessments to determine vulnerabilities and gaps and closing them
· Encrypting information at rest and in transit
· Dismantling USB ports on laptops so data cannot be downloaded or stolen
· Ensuring staff are trained and updated in privacy and security on an ongoing basis
· Setting up and monitoring alerts, performing penetration testing and establishing a crisis team and war room to immediately mobilize the resources necessary to stop intrusions and minimize damage
· Following roadmaps created by the Office of the National Coordinator for Health IT (ONC) and others to adjust to the shifting cybercrime landscape and build security and risk sharing into their infrastructure today and down the road
· Having third-party reviews of their policies, procedures, controls and infrastructure, including annual risk assessments, intrusion detection, staff training, etc., to identify and mitigate gaps and risks
· Buying cybersecurity insurance against being hacked
· Demanding that all their IT vendors and business associates demonstrate third-party review and accreditation for privacy and security
· Factoring security of personal health information automatically into all their innovative medical solutions
Savvy healthcare organizations know they can’t solve cybercrime in a half-hour or an hour the way must-see crime shows do. They know robust cybersecurity takes time, effort and constant vigilance because the stakes are high. Fees and fines can add up, and loss of revenue always hurts, but being splashed on OCR’s Wall of Shame and losing credibility with stakeholders and customers can cost even more. It can cost you your business.