More Than Piece of Mind: Securing Your Healthcare Organization’s Electronic Health Records

0
187

For seven years running, the healthcare industry holds the title of ‘Most Likely to be Hacked.’ A study by IBM and the Ponemon Institute found that stolen electronic health records (EHRs) are once again the top prizes for hackers, worth 2.5 times more than any other type of data.

According to Forbes Magazine, the going rate for your Social Security Number on the black market is only 10 cents, while your credit card number is worth about 25 cents. However, your patients EHRs can pull in an astonishing hundreds or even thousands of dollars per record!

With cyberattacks on the rise, securing your medical office’s EHRs is more important than ever to protecting your practice and your reputation.

According to HealthIT Security, the price EHRs fetch has steadily increased the last two years, surpassing the cost of the global average:

• 2016: [$355 per stolen record] [$158 global average]
• 2017: [$380 per stolen record] [$141 global average]

As of 2016, almost 90 percent of healthcare organizations have suffered a cyberattack.
The smaller the medical office, the easier its digital defenses are to breach. Hackers are able to deploy a ransomware attack at scale, breaching hundreds of thousands of medical practices at once, which makes pillaging healthcare organizations a lucrative venture.

What Are Hackers Looking For?
The reason why hackers love EHRs, and why they are so valuable on the black market, is because they contain such personal, detailed information. Medical records often contain:

• Patient Names
• Addresses
• Occupations
• SSNs
• Credit Card Numbers
• Billing Information
• Confidential Medical

Cybercriminals sell this information to the highest bidder on the dark web. The buyer commits identity theft in your patient’s name, takes out loans, credit cards, etc. and drains your patient’s financial resources and ruins their credit.

When this wealth of information runs dry (or the victim flags the suspect purchases) the thief switches to the confidential medical data. The data is then used to blackmail patients.

In other cases, criminals use the private information to scam patients using social engineering. Through social engineering, a hacker manipulates their target to commit an action using information valuable to the victim. For example, someone who suffers from diabetes might be susceptible to targeted advertising for an unregulated supplement that claims to cure diabetes without negative side effects.

How is Healthcare Overlooking this Cyber Epidemic?

Healthcare organizations are particularly susceptible to digital incursion for three main reasons:

• They believe that your practice is too small to be targeted: Hackers go after small to medium-sized organizations because they are less likely to have cybersecurity measures in place.

• They lack employee cybersecurity training: Employees open and respond to malware-infected emails, grant WiFi access to patients, store EHRs, and billing information.

• They lack a detailed cybersecurity management plan: When a cyberattack occurs, personnel don’t know how to respond because there is no action plan.

What Can You Do to Secure Your Medical Organization?

Adopt encrypted cloud storage: The cloud enables approved users to access and share data across teams through monitored authentication.

Implement antivirus software detection: Antivirus software alerts you to the presence of viruses, botnets, toolkits and other cyber threats that could harm your EHRs.

Provide cybersecurity awareness training: Close to 90 percent of cyberattacks are caused by human error. Cybersecurity training courses could alert your staff to recognizing red flags.

Invest in insurance coverage: Cyber insurance secures your medical practice by providing crisis management services, lost income reimbursement, and legal support. Paired with the right business insurance, your organization will be physically and virtually protected!

Have a cybersecurity plan: Your plan should include what to do in the event of a cyberattack. Steps to take are: contacting your insurance provider, quarantining the breach, and alerting your patients.

Understanding your cybersecurity is central to securing your practice, your patients, and your reputation. For a hands-on security approach, review your current cybersecurity practices and make changes where you find oversights. Invest in a cyber liability insurance plan that matches your organization’s unique needs and evolves with your practice over time. If you don’t take the necessary precautionary measures, your security will flat line your organization.

About CoverHound and CyberPolicy
CoverHound is an insuretech company for consumers and businesses to easily compare and purchase insurance, built to deliver fast, accurate, and actionable rates from leading US carriers based on their specific needs. Developed by a team with deep insurance and online financial services experience, CoverHound is dedicated to providing best-in-class customer experience. CoverHound also understands that the most valuable asset to any person or company is data. That is why we established our subsidiary, CyberPolicy to help small businesses “Plan. Prevent. Insure.” their data from cyberattacks. CyberPolicy is a wholly-owned subsidiary of CoverHound.

About The Author

Keith Moore
CEO, CoverHound

Keith Moore is CEO of San Francisco-based CoverHound, a recognized insurance technology leader in both Personal and Commercial P&C Insurance. In 2016, Keith founded CyberPolicy, which leverages CoverHound’s leading distribution platform to bring industry-first Cybersecurity + Cyber Insurance options to the US online. Keith has over 20 years of successful digital product and marketing innovation experience, most notably as GM and SVP at LendingTree [NASDAQ: TREE] and IAC [NASDAQ: IAC]. In just the past three years, Keith has raised over $77 million in new capital for CoverHound and CyberPolicy. In Q2 2017, Keith was a Northern California finalist for the Ernst & Young Entrepreneur of the Year Award.

ABOUT COVERHOUND AND CYBERPOLICY
CoverHound is an insuretech company for consumers and businesses to easily compare and purchase insurance, built to deliver fast, accurate, and actionable rates from leading US carriers based on their specific needs. Developed by a team with deep insurance and online financial services experience, CoverHound is dedicated to providing best-in-class customer experience. CoverHound also understands that the most valuable asset to any person or company is data. That is why we established our subsidiary, CyberPolicy to help small businesses “Plan. Prevent. Insure.” their data from cyberattacks. CyberPolicy is a wholly-owned subsidiary of CoverHound.

CoverHound URL: https://coverhound.com

CyberPolicy URL: https://cyberpolicy.com
800 #: (800) 460-6467

1. https://healthitsecurity.com/news/healthcare-data-breach-costs-highest-for-7th-straight-year

2 https://healthitsecurity.com/news/healthcare-data-breach-costs-highest-for-7th-straight-year

3 https://healthitsecurity.com/news/how-much-do-healthcare-data-breaches-cost-organizations

4 https://www.darkreading.com/threat-intelligence/healthcare-suffers-estimated-$62-billion-in-data-breaches/d/d-id/1325482

5 https://chiefexecutive.net/almost-90-cyber-attacks-caused-human-error-behavior/