By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Many people in healthcare make the incorrect assumption that their business won’t be a target for cybercriminals because they are “just a one-man show” or “aren’t part of a big network”. Neither way of thinking is wise, because when a cybercriminal is trying to compromise data or an entire network, every organization is valuable, and anyone is a target. In fact, one thing is always true when it comes to your likelihood of being targeted in an attack: the size of your business or your team doesn’t matter.
You could be a one-person practice and your spouse manages the office records – that makes you feel a little more secure, doesn’t it? Everything is in-house, and you know that you’re both very careful when it comes to making sure that there aren’t mistakes. Unfortunately, you’re still a target.
The Stress of the Times
As we emerge from the upheaval of the global pandemic, we find that many healthcare organizations are just steadying themselves from the stress and uncertainty that it brought on. There were losses to staff and changes to the way that business was conducted. These changes were often implemented without a process or thought-out plan, and were merely put in place to survive the onslaught of continual changes and burdens that the healthcare industry faced.
With cybersecurity breaches reaching an all-time high in 2021 according to many reports like this one, the IT staff at these businesses were also facing high levels of stress. Additionally, there was a staffing shortage going into the pandemic for these departments, which didn’t help matters either.
A breach can affect your healthcare business in a variety of ways. You could be subjected to ransomware, which means criminals will require you to pay a hefty fee to regain access to your own data that they locked (encrypted). Credentials could be stolen without you being aware as it happens, meaning that criminals could be accessing your systems and stealing sensitive company or patient data without your knowledge. And of course, there is the subsequent violation of HIPAA rules and regulations that follows these breaches of protected health information (PHI). The ensuing legal battles, as well as monetary and reputational loss, could leave your business in a position to close rather than forge ahead.
If you think that a breach is only likely to happen to a larger organization, it’s time to reconsider. This list identifies breach incidents as reported to the government, and a quick scan shows that it is not only happening A LOT, but it is happening to small and large businesses alike. Business Associates, family practices, and large companies are all targets.
Each business has its own way of doing things. This means that you can’t apply a blanket solution to every single one and expect it to prevent criminal activity successfully. You need to look at your own risks and gaps to see where you might be lacking, and then mitigate those risks to secure your business and your patient data.
This article was originally published on HIPAA Secure Now! and is republished here with permission.