PCI DSS 4.0 - Are You Ready? Get a Discount on a Readiness Assessment - Learn More
healthcare security
Author Picture

Updated on August 16, 2022 by Robert Godard

Listen to: "Why Healthcare Security Is A Must"

In recent years, hackers have been profiting from private healthcare data, and these types of security incidences show no signs of stopping anytime soon. With significant healthcare breaches like those that affected Molina Healthcare, which impacted 4.8 million patients, and the hundreds of thousands of children’s health records that were compromised from pediatricians’ offices, it is clear that there is a need for providers to increase their security measures to protect important patient data.

With these recent breaches having impacted so many patients’ private data, many individuals and healthcare organizations may find themselves wondering what healthcare data they hold that might be dangerous when it ends up in the wrong hands. Many providers may want to take this opportunity to review their data security measures to ensure that their patients’ private information is protected.

Why Hackers Want Your Healthcare Data

Healthcare data is a very profitable business for hackers. According to a recent report from Reuters, patients’ medical records are worth more to hackers than credit card data. Hackers can get $10 for each individual healthcare profile on the black market, which is about 10 to 20 times the amount of money they would receive for credit card information.

With a patient’s list of diagnoses and prescriptions, an individual can order costly medications or medical equipment and resell them for a profit. These hackers can file fraudulent insurance claims to get reimbursements or may even use patient healthcare data to obtain free healthcare for themselves. Unlike most credit card companies, many healthcare providers are not as vigilant when monitoring this type of activity. This allows hackers to reap the benefits of the data for a longer period of time, sometimes even years.

Why Healthcare Providers Need to Protect Their Data

Since healthcare data can be so lucrative for hackers, many healthcare companies and facilities have recently found themselves bombarded by cyber-attacks, which cost the U.S. healthcare system over $6 billion dollars each year. Many of these healthcare organizations are not prepared for these types of attacks, which puts their patient data at risk when a security breach occurs. One survey shows that 81 percent of healthcare providers and organizations have been subjected to these types of attacks over the past few years, an indication of how ill-prepared many healthcare providers are when it comes to data security.

With a recent required switch to electronic medical records, patients are now more vulnerable than ever to be a victim of security breaches. That is why many hospitals, healthcare providers, and health insurance companies are slowly working to strengthen their data security to keep private patient information secure should a cyber attack occur.

Healthcare providers are subject to standards set forth by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as well as those presented by the Health Information Technology for Economic and Clinical Health (HITECH). This means that providers may experience fines or even potential jail time if they are not compliant with the healthcare data security requirements established by these national organizations. Not only are healthcare providers subject to fines, but as the statistics above have shown, there are considerable costs that these providers incur when reacting to such security breaches. That is why it is vital for healthcare providers, facilities, and insurance companies to take every measure possible to protect patient information.

How Healthcare Providers Can Work Toward Better Data Security

If your company is a healthcare provider or works with healthcare organizations, then you will need to ensure that your information systems provide a set of protocols and controls that keep patients’ electronic health information secure. One of the best ways to work toward better data security is by having experienced IT professionals perform an audit to assess potential risks and vulnerabilities to the integrity, confidentiality, and availability of the Electronic Protected Health Information (ePHI) that you are collecting, storing, or processing.

A data security audit will help ensure that your organization is remaining compliant with HIPAA and HITECH standards to avoid any penalties. In addition, an audit can help your organization find any gaps in security or improvements that need to be made in order to remain compliant and protect your patient information from security breaches. By improving data security measures across the organization, your company will not only be able to reduce costs associated with cyber attacks but also provide some reassurance to your patients and customers who entrust your company with their private health data.

Get Help Protecting Important Patient Data

Does your healthcare organization have the proper safeguards in place to protect patient data? I.S. Partners provides audits for healthcare providers working under HIPAA-HITECH standards to ensure that they are remaining compliant with federal regulations regarding healthcare data. Contact us by sending us a message or calling us at 215-675-1400 to discuss your HIPAA-HITECH audit and report, including ways to improve operations in order to better protect private healthcare data.

Get a Quote Try our Compliance Checker

About The Author

Author Picture

Robert Godard

CPA, CISA, HITRUST-CCSFP
Principal

Robert is a Principal with I.S. Partners, LLC’s Business Process/Advisory Services practice in Horsham, PA. Robert has conducted a variety of Financial Statement Audits for a range of industries such as banking, healthcare, payroll, employee benefit plans (Pension, Health and Welfare), Unions and Construction.

Robert’s specialty is in audits of IT Controls and Infrastructure, Financial Statements, SOC 1 and SOC 2 audits, HITRUST CSF Assessments, Model Audit Rule (MAR), including evaluating business process as well as IT General Controls surrounding the reporting of financial information. He also has experience with analyzing Health Insurance information from AmeriHealth, Blue Cross Blue Shield, Express Scripts and Delta Dental. Additionally, Robert has performed audits for Construction and Special Tax related credits (Historical Tax Credits). He has prior work experience using ISSI, Great Plains and Peach Tree.

Prior to joining I.S. Partners, LLC, Robert was employed with Novak Francella in the Financial Statement Audit division, where he worked as an associate on external audit engagements in accordance with GAAP and DOL requirements.

Robert has a Bachelor of Science degree in Finance and Accounting from LaSalle University, Philadelphia, PA.
clip

Get Hassle-free Pricing in 3 Easy Steps

1
Request a quote using the form below
2
Allow us to create a customized plan
3
We'll get you an accurate, no-obligation quote
Untitled-1 Asset 1 Request a Quote Background

Request a Quote

Please fill out the form below and one of our compliance specialists will contact you shortly. Want to speak to us now? Call us at (866) 335-6235 or book a meeting with one of our experts.

Great companies think alike!

Join hundreds of other companies that trust I.S. Partners for their compliance, attestation and security needs.

Teladoc VeriClaim DentaQuest VisioNet Verifacts Sterling AV Med DOE Legal