By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Read other articles by this author
Healthcare faces threats from cybercriminal activity at rates that continue to rise. The patient data that they access and maintain is valuable on the dark web in more ways than one. It can be an access point for a greater breach and then used to manipulate or steal identities and attack victims individually.
To protect this patient data, HIPAA has been established to provide rules and guidelines for the handling of information securely. But there is one method of attack that is growing and might be overlooked when it comes to protecting patient data. It doesn’t lie within the process, but in the products that are used to electronically transfer information.
What Is API?
Application Programming Interfaces (APIs) in healthcare allow companies to talk to one another via applications. They are translating information and providing a centralized way of accessing information between applications. If you use a smartphone, you likely engage with an API daily. In healthcare, APIs are used to share information between application platforms, transferring patient data among providers securely and efficiently.
With this communication between programs comes increased interoperability as well as increased risk. A recent report from Imperva & Marsh McLennan Global Cyber Risk Analytics Center analyzed API-related data. They discovered that the lack of security may cause $12-23 BILLION dollars in cyber loss annually in the United States alone.
What Can Be Done?
Upfront security is critical. Investing in your healthcare company’s cybersecurity program is invaluable in protecting your patients and your business from falling victim to a breach. HIPAA Secure Now has experts in both HIPAA compliance and cybersecurity that work to provide you with total coverage. You need to identify the security risks, provide your team with training programs and continually review all of the processes and applications that you are working with to interact with patient data.
While healthcare isn’t at the top of the list (yet) for API risk, it is one of the biggest adopters of APIs across all of the sectors reviewed.
This article was originally published on HIPAA Secure Now! and is republished here with permission.