IT Insider Blog

It is common for healthcare executives to report that securing their data is mainly focused around meeting compliance objectives so they can qualify for federal incentive programs. While participation in incentive programs is meant to increase meeting compliance objectives, they simply fall short in addressing the nuanced individual business practices that fall outside the scope of compliance measures. Compliance standards in and of themselves do not provide detailed guidance or a methodology to ensure protection of ePHI data.

As the number of compromised ePHI data continues to rise, healthcare providers are not waiting around to try and identify risks. 31,611,235 healthcare records were breached in the first 6 months of 2019, which is double the number of records exposed in healthcare data breaches in the entirety of 2018 (14,217,811 records). – According to the 2019 Mid-Year Data Breach Barometer Report from Protenus and Databreaches.net, cites HIPAA Journal.

E-mail is a pervasive target for hackers to exploit in healthcare and the problem is predicted to get worse. A 2018 HIMMS and Mimecast survey revealed that 87% CIO’s and IT directors surveyed believed that e-mail poses the greatest venerability to exploitation by hackers. E-mail’s sent by nefarious sources can cleverly deceive end users by looking legitimate and can contain links with embedded malware, viruses, and ransomware and all it takes is 1 click for an organization to be compromised.

As business operations continue to grow more complex and the sheer volume of devices connected to the internet continues to rise, many healthcare leaders are waking up to a new reality. Over the last decade new risks to data are posing an even greater risks to the long-term survivability of healthcare entities and patients they care for.

Rural healthcare providers across the U.S. are facing a wave of challenges like never seen before as widespread changes to healthcare legislation and changing market conditions are re-shaping how rural citizens get access the care they need.

Healthcare providers over the last decade have now become the target of cyber security attackers who exploit an industry weakened by historically low levels of security practices and insights needed to safeguard sensitive data. Governing bodies like the HHS and OCR are now increasing efforts to enforce tighter regulation as many healthcare leaders remain unaware of the risks involved with not adequately addressing compliance standards.