Cygilant Blog

Getting Healthy

Posted by Security Steve on Sep 2, 2014

Every decade finds another health trend. Grapefruit diets in the 70s; power-walking in the 80s; fat-free eating in the 90s; and ZERO carbs to start the millennium. Fast-forward to 2014. Juicing and kale aside, one of the biggest health trends in this decade is decidedly UN-healthy.


Unfortunately, for the healthcare industry, the sad state of security breaches has been the growing trend.  According to Healthcare IT News (Feb 2014):


  • 1.84m is the estimated number of people affected by medical identity theft
  • $12B is the amount of out-of-pocket expenses incurred by medical identity theft victims
  • $233 is the cost per lost record in healthcare, which experiences the most costly data breaches
  • 43% of security breaches in 2013 occurred in healthcare (vs. 4% in financial sector)


Community Health Systems Inc, one of the biggest U.S. hospital groups, said on Monday it was the victim of a cyber attack from China, resulting in the theft of Social Security numbers and other personal data belonging to 4.5 million patients.

That would make the attack the largest of its type involving patient information since a U.S. Department of Health and Human Services website started tracking such breaches in 2009. The previous record, an attack on a Montana Department of Public Health server, was disclosed in June and affected about 1 million people.


Theft accounted for 83 percent of all large HIPAA privacy and security breaches*. Some 22 percent of breaches since 2009 were due to unauthorized access, and theft or loss of encrypted devices or computers accounted for 35 percent of all breaches; hacking accounted for 6 percent. 


"We are seeing an increase in attacks within healthcare," says Ann Patterson, senior vice president and program director of the Medical Identity Fraud Alliance. "The healthcare sector's security and privacy controls differ from more secure industries, such as financial services, and [healthcare organizations] may be easier targets."**


So back to those personal health trends. For most of us, large-scale change seems daunting. We want simple routines and a blueprint for good health. It’s straightforward and it works: a regular, committed routine of 5-9 servings of fruits and vegetables, 30 minutes of exercise, sunscreen, 8 glasses of water and 7 hours of sleep a day.


And the growing trend of security breaches in the healthcare industry? The approach is equally straightforward and equally successful. Many of these breaches can be easily avoided through regular risk analysis and updating company policies. Healthcare organizations need to combine device scanning with an understanding of workflow, policies, and procedures to get a more complete picture of what is actually happening in their environment. From there, organizations can implement a remediation plan that significantly lowers the risk of breach. Often the biggest misstep is an inadequate risk analysis: the failure to perform a comprehensive, thorough risk analysis and then to apply the results of that analysis.


What else can healthcare IT organizations do to get healthy? They need 24x7 incident monitoring, ongoing assessments of industry security best practices and automated HIPAA reporting. The solution must include proactive, real-time threat detection and remediation in order to minimize the risk of downtime of critical systems. Finally, out-of-the-box HIPAA compliance reports, delivered regularly as part of the service, give healthcare providers a straightforward and effective way to get healthy. And really, doesn’t that sound like a much better trend to be a part of? Get more info at EiQ Network’s healthcare page.



**Healthcare Info Security (Aug 2014)
