The Health Insurance Portability and Accountability Act (more commonly known as HIPAA) is the act that is dedicated to securing sensitive patient data. HIPAA compliance is not an option; rather, it’s an established law that healthcare facilities must adhere to strictly, or else face hefty fines and the revoking of practitioner licenses.
In 2013, the final Omnibus Rule was passed. Under this rule, patient record violations cost businesses anywhere from $100 to $50,000 per patient, with repeat violations in the same year costing $25,000 per patient. In other words, a breach affecting about 27 patients could be enough to cost an organization in excess of one million dollars.
As viruses and cyberattacks evolve, HIPAA compliance violations will become more commonplace throughout the world. Many organizations have been compromised in just the past year.
Let’s take a look at a few of them.
Data Breaches in Practice
In California, the UC Davis Health Medical Center fell victim to a phishing email. The attacker then gained access to the system and began phishing internally to gather information and request money from other staff members. While there is no definitive proof that information was taken, around 15,000 patients were notified of a security breach that involved the compromise of patients’ names, addresses and phone numbers and, in some cases, medical record numbers, diagnoses and social security numbers.
In January of 2017, one of Pennsylvania’s largest health networks was compromised. The Women’s Health Care Group of Pennsylvania was hit with a devastating ransomware attack that copied 300,000 patient records. These records included patient names, social security numbers, birthdates, blood types and medical diagnoses.
The Wyoming-based medical supply company Airway Oxygen was compromised by a ransomware attack in April of 2017. The information stolen in the breach included names, addresses, birth dates, contact telephone numbers, medical diagnoses, health insurance policy numbers and details of the services the company provided to patients. The total number of affected patients is as high as 500,000.
Data security breaches don’t just happen in the United States. In May of 2017, the National Health Service in the U.K. was affected by a massive ransomware attack known as “WannaCry”. The hackers demanded more than $500,000 for the return of the patient records they had stolen. Within 10 hours of the attack, another 74 countries across the world reported the same WannaCry variant attacking organizations within their borders.
Staying HIPAA Compliant
Data breaches are highly dangerous to the healthcare industry. They are extremely costly, and they can tarnish the reputation of an organization permanently.
However, there is good news: avoiding data breaches isn’t an impossible task. With proper preparation and established security countermeasures, you can mitigate the risk from cyberattacks.
Having a dedicated data security plan is the key to remaining HIPAA compliant. In order to achieve compliance, your best course of action is to partner with a managed service provider. Ideally, they should have proven experience in both data security and HIPAA compliance.
With enhanced data security from IPRO, you’ll be protected from such attacks. We establish multiple levels of security to safeguard you from malicious cyberattackers. We leverage technology such as advanced Fortinet firewalls, intelligent antivirus programs, and our total data protection solution.
If you’re interested in seeing how we can help to secure your HIPAA compliance, reach out to us today.