Editor’s Note: BHM posted a data security article this past May and we felt the topic was covered for six months or so. August uncovered at least three significant data breach-related examples. This post reflects on the recent exposures. Here at BHM, security is first. One-Click and let our experts explain how. Click for more information.

Three stories caught my eye, this month, from www.beckershospitalreview.com.

  • August 3: Banner Health suffers year’s largest data breach; 3.7M affected
  • August 15: Bon Secours vendor breach affects 655k patients
  • August 22: OCR to investigate more breaches affecting 500 or fewer individuals

As much as the details differ between the three stories, one worry comes true: cyber security threats are growing.

August 3: Cyberattackers gained access to “a limited number” of Banner Health computer servers, including the servers that process payment card information where food and beverages are sold at the Phoenix-based health system. Overall, 3.7 million patients, Banner health plan members and beneficiaries, food and beverage customers and providers, may be affected, making it the largest healthcare data breach of 2016.

August 15: On June 14, the health system discovered R-C Healthcare Management, a vendor providing data reporting optimization services, inadvertently left patient information available online while adjusting its computer network settings from April 18 through April 21.

August 22: HHS’ Office for Civil Rights is increasing data breach investigation efforts and is making a concerted push to look into smaller breaches affecting fewer than 500 people.

These don’t even touch on ransomware which a recent www.ahcmedia.com article reports, “Ransomware attacks have been recognized by the FBI as a serious threat, and some experts predict there will be more after the February incident in which Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 to hackers who took over its systems.”

Next Steps For Data Security

Before IT starts pulling the covers over their heads, processes and options keep pace with these new attacks. Learn more about the Health Information Trust Alliance (HITRUST) https://hitrustalliance.net and the HITrust certification for organization working and sharing data throughout the healthcare system.

Choose third-party vendors may lower exposure risk, if the right questions are included in the vetting process.

News of data breaches and cyberattacks have been ruling the headlines. As cyber attacks become more common it’s crucial for healthcare organizations to learn how to protect themselves, and their patient’s data, from breaches and attacks.

A recent press release from the National Association of Insurance Commissioners (NAIC) identifies hacking as the most common type of data breach, with 1/3 of all data breaches that occurred in 2015 tracked back to hacking.

“With millions of data records stolen each day, cyber security is more important now than ever. It is imperative consumers learn their options for defending themselves against growing cybersecurity threats.” – John Huff, President of NAIC.

Data security has become a very important issue for C-suite level executives in the healthcare industry. Whether you are a health plan or hospital, here are 5 important questions to ask about data security within your organization.

  1. How is your organization encouraging minimal access to records?

  2. How are you enforcing protocols set in place to ensure no one accesses a record unnecessarily?

  3. Does your organization have a zero-tolerance policy for breaches within your organization?

  4. How are records protected and are they encrypted? Emails or other computer based communications should be encrypted as well. Have these encryptions been tested?

  5. How are breaches reported? What is the timeline for investigation?

The National Association of Insurance Commissioners (NAIC) is the U.S. standard-setting and regulatory support organization created and governed by the chief insurance regulators from the 50 states, the District of Columbia and five U.S. territories. You can read the full press release here.