This has already been a wild year when it comes to data breaches, beginning with the hack of insurance giant Anthem back in February that compromised the personal data of 80 million clients. A month later, 11 million customers had their medical and financial details compromised in a cyberattack on Premera Blue Cross.
Since then, things have only gotten worse.
Earlier this month, it was announced that Russian hackers successfully infiltrated the Pentagon’s Joint Staff email network back in late July and accessed the data of the roughly 4,000 military and civilian individuals employed by the Joint Chiefs of Staff. A few days later, executives at the tech firm Ubiquiti had no choice but to admit to their investors that a hacker had used a spear-phishing campaign to steal employee credentials and then made off with $46.7 million he siphoned directly from company bank accounts. One has to imagine that was a rather awkward conversation.
But seriously, 2015 has been like the hack-pocalypse… A hack-apalooza, if you will… Perhaps even a hack-tastrophe… In fact, one might even say it’s been HACKtastic!
I’m sorry… I'll stop now.
While data breaches have become a problem across nearly all business types, the most problematic of the bunch remains the healthcare industry.
A study recently released by the Identity Theft Resource Center found that nearly 35 percent of all data breaches (as of 8/18/15) were from the medical/healthcare industry. Healthcare was also responsible for 78.4 percent of all compromised records due to data breaches with a staggering total of 109,561,323 reported for the year.
That’s right… cyberattacks on healthcare entities are the top cause of data theft. Unfortunately, this is one of those cases where being No. 1 is actually a bad thing. Of course, for those in healthcare, data breaches already have all sorts of legal implications when it comes to things like compromised PHI and HIPAA violations.
And now, there is even more legal stuff for healthcare providers to worry about when it comes to data breaches. On Monday morning, a U.S. appellate court ruled that the Federal Trade Commission (FTC) had the legal authority to sue Wyndham Hotels for being willfully negligent in their cybersecurity and thereby allowing hackers to steal the data of over 600,000 customers between 2008 and 2009 (costing their patrons over $10 million in fraudulent credit card charges).
You may be thinking, “But this involved a hotel chain. How could the court’s decision affect my practice?”
Well, the court’s decision has also now set a legal precedent that gives the FTC future authority to sue any company (including healthcare companies) for data breaches that it deems to be the result of negligence. This means that future PHI breaches could potentially result in both the usual HHS fines and a lawsuit from the FTC.
The truth is, maintaining the security of your network is more than just a smart thing to do for legal reasons… it’s also a business decision. Patients expect their data to be protected. In fact, a survey by Software Advice found that 45 percent of patients were “moderately or very concerned” about a breach of their personal health information. More than half of patients (54 percent) responded that they would be likely to change doctors if their current provider’s practice experienced a data breach. The likelihood of patients planning to change doctors increased if the doctor or staff members were responsible for the breach, and decreased if it was done by external hackers.
I’m sorry to have to tell everyone this… but we no longer live in a world where anyone, especially business owners, can be lax when it comes to cybersecurity. I know that the digital world can seem like a scary and dangerous place… but this is the Digital Age, after all, and we must all learn how to travel through it safely.
For more information on how to make sure your practice’s data and PHI are being properly protected, please refer to this series of past blog articles on cybersecurity.