The data breaches that didn’t make the headlines this week

This week’s headlines are all about the latest hacking scandal: over a dozen celebrities, including Jennifer Lawrence, had private photos stolen and shared on the internet. The story made headlines not because it impacts a large number of people, but because it is about celebrities and somewhat salacious. Last month’s Community Health Systems security compromise highlighted the vulnerability of HIPAA-protected data. A quick scan of reports over the past few years -- healthcare providers and systems have only been required to report data breaches since 2009 -- reveals that the number of reported breaches has increased by over 350 percent in five years. And experts expect that the number will keep rising.

The rapid and mandated adoption of electronic health records (EHR) is, no doubt, partially responsible for this dramatic increase, but the fact remains that the healthcare industry is increasingly attractive to bad guys. There are several reasons for this, including:

  1. Healthcare security is relatively undeveloped. Compared to, for example, the finance industry, there are few universal protocols or protections in place across the industry to keep patient data secure.
  2. Medical information is a hot commodity on the black market. While a social security number might fetch 25 cents, reports indicate that a comprehensive medical record could go for as much as 50 times that amount.
  3. The healthcare industry, particularly public health departments, has been slow to respond to the mounting threat. While financial institutions have invested more time and resources -- and have larger budgets to devote -- into developing security, the healthcare sector is generally running older systems and less secure software.

With so much sensitive information stored in cloud-based electronic health record systems and no standardized security in place, we will see the number of attacks increase dramatically. And even if security does improve, any system that relies on browser-based access is going to be vulnerable because a) a large number of people -- doctors, nurses, insurance agencies, benefits specialists -- all access records from different devices and through different browsers, and b) as we have seen across sectors, browsers are inherently insecure.

Silo has already been adopted by several private practices and other organizations to address HIPAA compliance concerns. At Northshore Dental, a quick setup has led to increased security around sensitive data, enabling practitioners to focus on what they do best -- providing care. Employee Benefit Specialists uses Silo’s single sign-on and data compliance controls to deal with sensitive HIPAA data across 40 different websites. Give us a call and let’s discuss how we can help keep your patients’ sensitive and valuable information safe!

Scott Petry - Scott is Co-Founder and CEO of Authentic8. Prior to Authentic8, Scott founded Postini and served in a variety of C-level roles until its acquisition by Google in 2007.
