As they manage the day-to-day activities of a bustling medical practice, providers and practice managers like to assume that the supporting elements of their business are running smoothly: that their technologies are working effectively, their accounting measures are meeting compliance requirements, their security measures are adequately protecting their data, and their medical billing service is managing the revenue cycle to success.
Without appropriate oversight, however, it’s very risky to assume that all is operating at optimum levels. Especially when it comes to data privacy, medical practices may not be investing in the right protective measures to adequately secure their digital information.
According to research compiled by security firm Protenus and data-breach news site DataBreaches.net, more than 27 million healthcare patient records were compromised in 2016 due to ransomware incidents, targeted data breaches, and other cybersecurity attacks. Though a total of 450 data breaches were disclosed by providers in 2016, the real number of breaches is likely far higher (given the propensity of organizations to shield such incidents from public knowledge).
Healthcare data is an increasingly high-value item for hackers, since it commands strong interest on the black market for purposes ranging from criminal financial activity to fraudulent prescription requests to blackmail, or worse. In today’s hack-heavy healthcare environment, providers and practice managers decidedly don’t have the luxury of assuming all’s well when it comes to digital security.
Ensuring that a medical office is protected from data breaches takes diligence. To boost your practice’s protections, here are some smart steps to follow.
Pony Up for an End-to-End Security Assessment: Small practices are often reluctant to plug significant financial resources into IT security. As a consequence, they receive only the (insignificant) protections they pay for – leaving their networks vulnerable to attack. Providers often know that their patchwork, pay-as-they-go security measures are inadequate, yet they have no frame of reference for just how ineffective they may be.
Ultimately, you can’t correct a problem until you know how bad it is. If you’re guilty of taking a discount approach to IT security, now is the time to pay up for an end-to-end security assessment from a trusted third-party firm or IT consultant. No matter the expense, it’s less costly than the fines, legal fees, and reputational consequences of a potential data breach down the road.
Scrutinize Your Staff & Boost Internal Awareness: Given what a hot commodity healthcare data is for cybercriminals, many sophisticated hackers benefit from allies inside medical practices and hospitals. Of the 450 known healthcare data breaches in 2016, around 190 involved an organizational insider with regular, condoned access to a confidential healthcare IT system.
Of course, not all internal-breach incidents are nefarious; while information (at large) is frequently leaked or sold deliberately to hackers, it is also often simply mishandled and left open to compromising attacks. As you assess and improve your protections, invest in bolstering your security policies internally and conducting staff training to improve security awareness and policy adherence.
Don't Hide from What You Find: Among the 450 reported breaches in 2016, Protenus’ research found that affected healthcare providers were unaware of the attacks against them for roughly 600 days, on average. When it takes that long for organizations to uncover an incident, they are all the less likely to report it to the authorities. Yet in keeping an issue to themselves, practices heighten their risk of incurring severe reputational damage and ever-greater legal and financial penalties once the breach comes to light.
Whatever you uncover during your security audits and staff assessments, handle it: purchase new IT solutions, deploy new malware-protection software, hire a security firm, report a data breach, or take whatever other action is needed. If you fail to address your issues (and choose instead to stick your head back in the sand when it comes to security), you’ll end up paying for it in the long run.