COVID-19 IS RESPONSIBLE FOR A RISING NUMBER OF BREACHES 

The pandemic, which encouraged people to work remotely and saw a sudden spike in the use of telehealth, caused a rapid change in technology and how data is shared. The way data is exchanged shifted when remote employees began tapping into the facility’s network to access data, and patients started receiving virtual care. The more devices connected to the network, the greater the “surface area” for cyberattacks.
 
“The pandemic forced 60% of organizations to move further into the cloud. Such a rapid change resulted in vulnerabilities being introduced and security often lagged behind the rapid IT changes,” noted the HIPAA Journal. “Almost 20% of organizations that reported data breaches in 2020 cited remote work as a factor, with the cost of a data breach around 15% higher when remote work was a factor.”

A common cause of data breaches is compromised credentials, which is when a person steals or otherwise gains access to an authorized person’s credentials and uses them to access a network and steal information. This allows the hacker to sign onto a network rather than hack in, making these stealthy breaches take longer to detect than other types of attacks—an average of 250 days to detect compared to the overall average of 212 days for all types of breaches, according to HIPAA Journal. This means if a hack occurs on January 1, it won’t be discovered until September 8.

PROVEN SECURITY SOLUTIONS ARE NEEDED TO MITIGATE DATA BREACHES

Clearly, facilities need to mitigate data breaches. One solution is security automation, which significantly reduces the cost of a data breach. HIPAA Journal reported that organizations with a fully deployed security automation strategy had average breach costs of $2.90 million per incident, compared to $6.71 million at organizations without it.

Likewise, companies with a hybrid cloud environment, which has data both on-premises and in the cloud, had lower breach costs than those that were primarily cloud. Typically, the more sensitive data is kept on-premises, which makes it more difficult to breach than in the cloud.
 
Regardless of where data is stored, a robust security system is needed to identify and prevent attacks. System weaknesses are among the most common vulnerabilities, with 67% of data breaches in healthcare in 2020 resulting from criminal hacking.
Healthcare organizations need the proper cybersecurity tools and strategies to prevent attacks, especially as companies migrate to the cloud and undergo digital transformations that enable more data-sharing across digital devices. These tools and best practices include:

• Conducting security checks to ensure HIPAA compliance
• Training staff in data security to identify potential breaches
• Monitoring tech devices for unauthorized usage
• Having a response plan in the event of a breach
• Updating security software and the IT infrastructure

HOW TO PREVENT DATA BREACHES IN HEALTHCARE

Healthcare organizations are being targeted for a reason—healthcare data is more valuable to cyber criminals than any other data. The healthcare information often includes personal details and medical issues that can be used for scams.

Stopping breaches is a difficult task, especially because facilities often have many security vulnerabilities and lack the in-house data security expertise necessary to solve problems. Organizations need the ability to identify threats and respond quickly, which requires having the right technology solutions.

Facilities can take actions now, including:

• Making sure their security software is up to date
• Implementing stringent password policies
• Keeping servers current on security patches
• Educating employees on best security practices 

Working through a group purchasing organization (GPO) allows organizations to implement a strong IT defense at a competitive cost while upholding best practices and HIPAA compliance requirements. This can help facilities prevent data breaches and avoid the monetary and reputational damage that can result from stolen data.