Fact: did you know that more than 260 healthcare data breaches have affected more than 10 million patients? And did you know this happened in the span of just 2 years, from 2009-2011?
This is according to the US Department of Health and Human Services. You can check the entire list of data breaches here.
How do you stop this from happening at your business in the first place? After all, you don’t want to be the company that has to tell its patients their data has been stolen and then deal with the fallout. Data breaches destroy patient trust and can cost you a tremendous amount of business in the long run.
What should you do to prevent a massive data breach from hitting your organization?
Some tips:
1. Start with Ongoing Risk Assessment:
You can (and should) throw a lot of money at your IT department. Technology changes so fast these days that cybercriminals are hard to keep up with. CryptoLocker hits many small businesses, and you have to pay $300 – $1000 (sometimes more) to get access to your information again. But you shouldn’t just assess your IT security leaks. During that span from 2009-2011, the second-largest heist involved stealing backup tapes from the rear of a truck. Assess all your data security needs.
2. Take an Inventory of Your Protected Health Information (PHI):
What patient information do you have? Where do you store it? Who has access to it? Take a complete inventory of all your PHI at least once a year, and see what security measures you do (and do not) have in place to protect it.
3. Know that Preventative Action Costs Less:
This guide says that it cost $180 per health record to fix each breach in 2006. In 2011, that number was $200. It’s even higher now. So if you have 5,000 records attacked and stolen, you can easily pay more than $1 million! And that doesn’t include damage to your reputation and the business you may lose as a result.
It is better to take action before bad things happen and save your healthcare organization a massive amount of money, time, and stress.
4. Train Your Employees:
Even though this tip gets mentioned in almost every data security blog post, employee mistakes continue to lead to more cybercrime than anything else. IT can use antivirus and anti-malware programs to prevent breaches and even fix them after they happen. But no security solution is 100% perfect! Your employees need regular training on identifying spam e-mails, what types of websites to avoid at work, and what kinds of ads they shouldn’t click on. Maybe it needs to be as frequent as quarterly or bi-annually. Maybe you need an incentive system in place for desirable behavior. For example, you know how construction companies will pay their employees a bonus for having fewer accidents because it saves them workers’ compensation costs? Maybe you need to apply the same idea to reducing the number of incidents where employees click on spam e-mails or browse to unsafe websites.
Remember, You Can Easily Save Yourself $1 Million+ By Following These Best Practices
“An ounce of prevention is worth a pound of cure.” A cliché, but so true (maybe doubly true) when it comes to data security and data protection for healthcare companies. Don’t take any risks. Protect your patients, and your business, now.