In the April 2015 edition of Advance Healthcare Network’s Executive Insight magazine, I contributed an article on “Healthcare Data Casualties,” available on page 38 or online in the digital edition of the magazine. In the article, I discuss why healthcare breaches are on the rise and the key requirements for ensuring and proving endpoint IT compliance.
In the past five years, 31.4 million people in the US have had their Protected Health Information (PHI) compromised in privacy and security breaches. The value of PHI to cybercriminals just keeps going up, meaning that they are out to exploit any weakness they can find. With ever-tightening regulations such as HIPAA, data security breaches can result in costly and very public penalties.
Forrester estimates that 78% of data breaches in the healthcare sector are due to lost or stolen devices. In the article, I explore three cases of data breach settlements directly related to stolen or misplaced endpoints. In one case, an unprotected laptop left in a car led to a breach of the data of 23,500 patients. Even without a report of unauthorized use, this breach resulted in direct costs in excess of $70 million in fines, penalties, lawsuit settlements and revenue loss related to a prohibition from conducting business in one state for 2-6 years.
In the article, I lay out the various costs associated with a data breach. Aside from loss of customer trust, which is the largest indirect cost to an organization, and the costs associated with breach notification and legal fees, healthcare organizations face substantial regulatory costs and legal proceedings that can last months to years. To date, all HIPAA violations have been settled out of court to avoid these drawn-out proceedings and the lack of precedent for HIPAA verdicts in court; the same is often the case for the inevitable class-action suits that follow data breaches.
To ensure HIPAA compliance, and to go above and beyond these regulations to further reduce the risk of a data breach and limit its impact, conscientious IT leaders will take a layered approach to security technology that addresses the risk of lost or stolen devices. In the article, I lay out seven steps to help secure healthcare endpoints and the data they contain.
How we can help: Your data security strategy should be bolstered by a persistent security and management solution that offers IT a trusted lifeline to each device in its deployment, regardless of user or location. With Absolute Computrace as your solution, IT administrators can receive encryption and anti-virus status reports, monitor potentially suspicious devices, and remotely invoke pre-emptive or reactive security measures such as device freeze, data delete or data retrieval.