Healthcare facilities are a target for cybercriminals because of the overwhelming amount of personal information they collect on a regular basis. This data is specific to each person and health conditions cannot be changed like a credit card or phone number. When the COVID-19 virus hit the United States earlier this year, healthcare data breaches saw a steep incline. Hospitals and other healthcare facilities are more vulnerable than ever as cybersecurity is not the main priority during a global pandemic.
In the first half of 2020 alone, there have been 540 data breaches. This may not sound like many until you hear the number of people affected: 163,551,023. This data was taken from The Identity Theft Resource Center, which also showed that in 2019 there were significantly more breach victims during the first six months of the year with over 493 million affected. Though the number of victims may be lower, current circumstances make any healthcare record leak worse than ever before.
Largest Data Breaches of 2020
- Health Share of Oregon: A transportation vendor for Health Share had their laptop stolen, which held patient information for 654,000 people including names, contact details, date of birth and Medicaid ID numbers.
- Elite Emergency Physicians: The healthcare provider used a third-party company to securely dispose of patient records. The company, CentralFiles failed to do so and personal files were found intact on a dumping site. This included patients from 2002 to 2010.
- Magellan Health: A ransomware attack hit eight of Magellan’s health affiliates with almost 365,000 patients affected. Information breached includes employee credentials, passwords, W-2 forms and insurance data.
- Ambry Genetics: An email hack led to the compromised files of 232,772 patients during January. Compromised information includes names, medical information, and some social security numbers.
- Tandem Diabetes Care: The company manufactures medical devices for diabetes patients and experienced an email breach through a phishing attack that exposed the personal information of 140,781 patients.
Protecting Against Threats Both Physical and Digital
Hipaajournal.com states that from April 2019 to April 2020 there were a total of 39.92 million healthcare records breached. The main causes include:
- Hacking/IT incidents
- Unauthorized access
- Thefts of portable electronic devices
As is outlined above, healthcare facilities need to bolster both their digital and physical security when dealing with sensitive patient records. The first move is to train staff members and anyone using your internal systems in proper cybersecurity techniques. Knowing the difference between a phishing email and a legitimate message can mean secure files or a HIPAA violation.
Even if cybersecurity is at a strong level, there is a chance that a portable device is stolen either from within a hospital setting or during transportation between facilities. This is when secure data storage is needed. The SecureDrive products are hardware encrypted storage devices with FIPS 140-2 Level 3 Validation and are HIPAA compliant.
The devices have parts covered in a tough epoxy coating to prevent reverse engineering. They also require access either through an onboard keypad or remote authentication via secure mobile app. These unlocking methods ensure only the proper users are accessing sensitive data. Our products even have brute force anti-hacking to wipe the drive clean after 10 consecutive failed PIN entries.