As of June 30, 2014, more than 1,000 data breaches affecting more than 500 patients each have been reported to the Department of Health & Human Services – for a total of roughly 32,000,000 people who have had their privacy compromised. And, according to the annual Redspin Breach Report, published in February of 2014, 7.1 million patient records were breached in 2013, a 137.7% increase over 2012.
And, the threat is getting broader. Once caused primarily by snooping or negligent employees, data breaches are now increasingly caused by cybercriminals who realize the potential financial value of medical records. Case in point: The Chinese hacker attack on the 206-hospital Community Health Systems which resulted in the breach of 4.5 million patient records, the second-largest HIPAA breach ever reported.
No physician practice should consider itself immune. While large hospital systems may be most attractive to hackers, Eric Perakslis, executive director of Harvard Medical School’s Center for Biomedical Informatics, recently wrote in a New England Journal of Medicine article that 72 percent of cyberattacks have been aimed at hospitals, group practices and other provider organizations.
Perakslis recommends an “active learning approach” that involves real-time surveillance of emerging threats – and that includes an intimate knowledge of one’s own network and vigilance at one’s own practice. One of the most effective ways you can do this is to work with a company like ours who can help not only ensure security of your systems but also help teach you and your staff about common security issues.