Healthcare Executives and IT Need to Re-Think Data Security Procedures in the Wake of Anthem Data Breach 
It seems like we’re hearing more and more about data breaches in the healthcare industry – from small doctors’ offices to large hospital systems, and now, the U.S.’s second-largest healthcare insurance provider, Anthem. Anthem has confirmed a security breach that resulted in the exposure and theft of up to 80 million records. According to Joseph Swedish, President and CEO of Anthem, the data stolen included client names, dates of birth, physical and email addresses, medical IDs, and Social Security numbers. Here are just a few of the other data breach-related headlines from SC Magazine over the last couple of weeks:
- "Stolen devices contained data, 2,700 Senior Health Partners members notified"
- "UMass Memorial Medical Group announces potential insider breach"
- "Wisconsin chiropractic clinic notifies 3,000 patients of insider breach"
- "Albany health system notifies more than 5,000 patients of data breach"
What many of these stories have in common is that the breaches were caused by insiders who, whether by accident or with malicious intent, were careless with access information and/or devices, creating an entry point to sensitive data. People are often the weakest link in the cyber-defense plan at any healthcare organization. Anthem claims that hackers compromised five workers' credentials, probably through some kind of phishing scheme.
According to information maintained by the Office for Civil Rights at the Department of Health & Human Services, of healthcare breaches involving more than 500 individuals' records since September 2009, 52% of the incidents were attributed to theft, 8% to loss of storage media, such as a laptop computer or thumb drive, and 4% to improper disposal.
Here are some eye-opening numbers from the Ponemon Institute’s Fourth Annual Benchmark Study on Patient Privacy & Data Security:
- Criminal attacks on healthcare systems have risen a startling 100% since Ponemon first conducted its Annual Benchmark Study on Patient Privacy & Data Security.
- 90% of healthcare organizations surveyed had data breaches in the last two years; 38% had more than five.
- Criminal attacks increased from 20% to 33%.
- The average financial impact of a data breach over the past 2 years is $2 million.
- The potential cost to the healthcare industry could be as much as $5.6 billion annually.
The healthcare industry is rapidly changing, facing the increased risk of security breaches and new regulatory requirements to prevent them. As organizations continue to transition to electronic medical records and data storage, they have a new and more complex level of responsibility to protect patient privacy. Healthcare executives and information technology administrators need to be re-thinking their data security procedures.
Brass Valley is establishing leadership in IT lifecycle management services for healthcare providers, leveraging the experience and strict protocols developed through years of working with the Financial Services industry. We have been able to save our healthcare clients time and reduce their exposure to risk as they make the transition to a secure electronic data management environment. While every organization faces unique challenges, Brass Valley has the foundation of people, process, and technology to address any IT Lifecycle Management issues.
Contact us to discuss how we can help you manage your deployments, offline asset management, and secure disposition.