Yesterday another business, Community Health Systems, fell prey to a cyberattack: Hack of Community Health Systems Affects 4.5 Million Patients.
After the Target hack last year we’re seeing hackers get more sophisticated by the week and they are targeting sensitive data so it can be sold on the black market. And the Target hack goes to show that identity theft and data leaks are very real and widespread. They can affect anyone and everyone
Healthcare systems hold the most sensitive data you can think of. That’s why the Health Insurance Portability and Accountability Act (HIPAA) was created, and why it is so important that providers are HIPAA compliant. When healthcare data is compromised the damages are not always financial. From a criminal perspective think about the opportunities for blackmail and fraud that present themselves if you can get your hands on 4.5 million personal health records. This is a serious problem that calls for immediate action by the industry.
If you handle private healthcare data it is incumbent upon you as a doctor and a business owner to take measures above and beyond those required by regulations such as HIPAA. Here are some tips for healthcare professionals that you can use to minimize the impacts of these hacks.
- Send Secure Emails – If you send email at work you should always send encrypted. Email isn’t secure by default, and if you send any sensitive information from work it should be protected. It’s not just a HIPAA compliant practice – it’s a good practice in general.
- Reserve the Right to Revoke – If you send a sensitive email always reserve the right to revoke or expire that email. Email users are so used to the “fire and forget about security” approach to email that we’ve become accustomed to a total loss of control over the email messages we share with others. If doctors and patients at Community Health Systems had been using Virtru for Business to send their messages, they could have proactively revoked messages in the case of a data compromise.
- Limit Your Audience – If you are discussing patient data, limit your audience. The relationship between doctors and patients shouldn’t be compromised by an inadvertent email forward.
These security stories seem to hit the newswires once a week if not more frequently than that, and we’re not going to see a reduction in these stories unless everyone from consumers to business owners start to understand that security needs to be a default. For the healthcare industry especially, taking HIPAA compliant security measures will become increasingly more important. Need an easy HIPAA compliant solution?