Data breaches hurt patients, medical practices, and businesses. Complying with HIPAA is of the utmost importance, but breach investigations are much more likely to occur than HIPAA audits. Why, you might ask? There is only one federal agency that conducts HIPAA audits, while many federal and state agencies enforce data breach penalties. Data breaches can also turn into very expensive lawsuits.
While we believe HIPAA is very important, and we provide the tools and reports to document your compliance, we do believe that focusing on protection against data breaches provides the best value for our customers.
But why are prevention and protection so important? Let me share some numbers that will hopefully clarify it for you:
Black Market Value: a credit card number is worth $1 on the black market, and a patient record is worth $50 or more. (Source: FBI Health Care Risk Notification, April 2014)
Only 115 HIPAA audits were performed from 2009 to 2013 out of 700,000 covered entities, and only 100 per month starting in 2014 out of 3.7 million organizations required to comply with HIPAA. By contrast, there were 13,000 data breach investigations in the same year. (Source: HHS Office for Civil Rights)
About 81% of healthcare organizations allow employees to connect their personal devices to their network, but only 21% scan the devices for threats before letting them access network resources. (Source: Ponemon survey of healthcare organizations).
The cost of a breach is on average $188 per record compromised. (Source: Ponemon 2014 Cost of Data Breach survey).
56% of patients whose data was breached lost trust and confidence in their healthcare provider and moved their charts to a different professional. (Source: Ponemon 2013 Survey on Medical Identity Theft)
Of all data breaches reported, 31% are in the healthcare industry. (Source: EMC/RSA White Paper 2013). Note that most cases of data breaches are never reported to the authorities.
HIPAA Penalties: $1.5 million for a lost unencrypted laptop, and $1.7 million for a lost unencrypted hard drive.
63% of healthcare institutions have experienced a reportable data breach. (Source: Ponemon 2013 Economic & Productivity Impact of IT Security on Healthcare).
Only 43% of healthcare providers have an accurate inventory of employees’ and customers’ personal data. (Source: Worldwide study by PwC, CIO Magazine & CSO Magazine)
As you can see, the numbers weigh far more heavily on the security aspects of data protection than on the compliance aspects, yet most providers feel safe with an annual HIPAA Compliance Audit.
Compliance does not equal security. Organizations may think they are compliant, but data shows they are not secure. (Source: 2014 SANS Health Care Cyberthreat Report)
Do you want to find out how secure your network really is?
Contact us today to request a FREE, no-obligation Network Security Assessment! Our engineers will explain in plain English what needs to be done to completely analyze your technology infrastructure to ensure there are no holes that can be exploited to steal your livelihood.
The information we collect is not personally identifiable, provides us no access to your patient data or your network afterward, and is kept confidential. We can only use it to generate the reports you need to fully understand your risk level and what actions need to take place to fix any problems we can find.
You can download a sample of the reports using the form on the right side of the screen.