Every day in my newsfeed I’m alerted to yet another compromise to patient information. The headline isn’t always the attention-grabbing ones that we see when major credit companies or big-box retailers are exposed. These are just listed, one after the other, identifying locations of healthcare businesses, whether it be hospitals or private practice, that have had possible exposures.
If you are part of a private practice or small organization that works in the healthcare industry, you need to be aware: this is happening in your office. It doesn’t always happen in the huge hospital with thousands of employees, the locations that we assume have less control over such a large employee base. This is happening everywhere. The doctor’s office with the same 3 people who have run the front office for years; the dentist you’ve been going to see since you were a child.
Patient data is a coveted treasure among cybercriminals and unless you are taking measures to protect it from end to end, you are at risk. While working with a trusted IT advisor is critical, you also need to ensure that you are covered if a breach does occur.
Those compromises that are listed in my newsfeed don’t say that patient data was stolen and sold, they merely confirm the fact that it was seen by uncertified eyes. That means, they don’t know what happened, but they do know that it could pose a problem in the future. So, in order to protect their business and reputation, they are going to incur the cost of credit monitoring. What you don’t hear about is the cost of the forensic expert or additional breach resources that were needed even to identify if data was compromised.
Verify that you have a cyber insurance policy to protect you in such an incident. Without it, your business and its health are at risk of “not making it”.