According to the Ponemon Institute, 90% of healthcare organizations have experienced a data breach within the last two years. This is an astounding statistic for many reasons. For one, 90% of anything is crazy. Imagine that your investments lost 90% of their value. Not a pretty sight. Additionally, the information that is being lost is subject to both HIPAA and regular data privacy laws. Companies know that they face massive penalties for compliance violations and around 90% of them still were breached.
A likely reason that healthcare is such a targeted industry is that protected health information (PHI) is worth around 10-20 times more than a stolen credit card. Healthcare hackers are generally motivated by financial gain, rather than wreaking havoc for havoc’s sake. The value in stolen PHI lies in its longevity. Credit cards can be frozen once the holder realizes they don’t have control over them. Conversely, PHI can’t simply be canceled. Breaches result in very personal information being leaked and patients are often notified much later because they’re harder to detect.
One reason that they are hard to protect is that sometimes they come from the inside. Because of the high financial incentive, some employees turn to sell patient info. While this is not a normal route for employees to take, it probably occurs more than you would think. It’s estimated that around 25% of healthcare breaches come from malicious insiders.
In addition, healthcare lags behind other industries in terms of IT and security. Many organizations have to deal with legacy software so they aren’t as protected as they should be. A chain is only as strong as its weakest link and old hardware often drags things down with it. There isn’t really a quick fix for this problem as equipment takes time to upgrade. However, with the proper security precautions in place, data breaches can be prevented.
SecureCircle can provide the protection that your organization needs. We are able to all but eliminate the risk of insider threat within the company. All of your files will be encrypted and only those within the company that has SecureCircle protection will be able to access them. Therefore, if an employee tries to send a patient file to an unauthorized third party, the third party won’t be able to read it. We also work with any operating system, any application, any file size, you name it. Make the right move for your organization and contact us today.