Don’t Overlook It
When you consider a healthcare organization’s role in protecting patients, it’s easy to look at things from a high level and miss some of the most critical protections an individual needs, expects and is owed.
For example, when I think about protecting patients, my mind goes directly to the reason behind their office visit, scheduled surgery, etc. My first thought is, “how is the provider or individual they sought out going to protect them?” Whether that be protection from the flu or a root canal, my mind immediately associates patient protection with their physical health.
This thinking isn’t wrong – of course, patients need to be protected from ailments, injuries, etc., but what else? What else could they possibly need a healthcare organization to protect them from?
There’s really no way or need to sugarcoat it. Cybercriminals are relentlessly targeting the healthcare industry for many reasons, all of which are out of the patient’s control. Let’s dissect that thought a bit.
Healthcare organizations have a rich supply of patient data. Medical records bring in big money on the dark web, making the value of targeting healthcare undeniable. But with that said, would a cybercriminal focus their efforts on breaching a healthcare organization if it were more difficult to breach? We can’t say for sure, but considering the healthcare industry has a bad rap for being an easy target for cybercrime, it’s unlikely.
It’s Not All Their Fault…
In many instances, healthcare employees are not receiving adequate training in both HIPAA and cybersecurity. Uneducated employees cannot be expected to follow the rules they don’t know exist, just as they can’t be expected to stop a phishing attempt when they don’t know how to spot a phishing email in the first place.
In addition, healthcare organizations often see frequent turnover, have outdated equipment and software, make improper disposal errors, and more.
Don’t Close Your Eyes
Now, you can likely see why a data breach at a healthcare organization can put a patient at risk. That’s right – for reasons unrelated to their health, patients are at tremendous risk because of their healthcare providers or their providers’ vendors who have access to their medical information.
THIS is a huge problem that we, as an industry, can no longer ignore.
Whether you’re a Covered Entity or a Business Associate, you have an obligation to protect the patient data you come into contact with, and patients deserve to have their data properly protected.
As a society, we are becoming conditioned to “expect” that we will be involved in a data breach. This is not only a bad thing for us as individuals but a bad thing for businesses. Knowing that breaches have become so commonplace that we will likely be involved in one, AND there’s a good chance that breach will not be caused by our own doing, is unsettling, to say the least.
Time for Change
Hopefully, as the issues surrounding cybersecurity continue to be brought to light in 2020, consumers will see the importance of protecting their data as best as they can, and thus, choose to work with businesses that they know are doing everything in their power to protect their data.
If a patient came to you with concerns about how their data was being protected – would you feel confident in your responses? Are you doing everything possible to protect patient data? If not, now is the time to make changes, to protect not only your organization from being breached but your patients as well.