Healthcare Executives and IT Need to Re-Think Data Security Procedures in the Wake of Anthem Data Breach

Healthcare Executives and IT Need to Re-Think Data Security Procedures in the Wake of Anthem Data Breach 

It seems like we’re hearing more and more about data breaches in the healthcare industry – from small doctors’ offices to large hospital systems, and now, the U.S.’s second-largest healthcare insurance provider, Anthem. Anthem has confirmed a security breach that resulted in the exposure and theft of up to 80 million records. According to Joseph Swedish, President, and CEO of Anthem, the data stolen included client names, dates of birth, physical and email addresses, medical IDs, and Social Security numbers. Here are just a few of the other data breach-related headlines from SC Magazine over the last couple of weeks:

• “Stolen devices contained data, 2,700 Senior Health Partners members notified” – February 3, 2015
• “UMass Memorial Medical Group announces potential insider breach” – February 2, 2015
• “Wisconsin chiropractic clinic notifies 3,000 patients of insider breach” – January 29, 2015
• “Wisconsin chiropractic clinic notifies 3,000 patients of insider breach” – January 29, 2015
• “Albany health system notifies more than 5,000 patients of data breach” – January 26, 2015

What many of these stories have in common is that these breaches have been caused by insiders – whether they were accidentally or maliciously careless with access information and/or devices that enabled an entry point to sensitive data. People are often the weakest link in the cyber-defense plan at any healthcare organization. Anthem claims that hackers compromised five workers’ credentials, probably through some kind of phishing scheme.

According to information maintained by the Office for Civil Rights at the Department of Health & Human Services, of healthcare breaches involving more than 500 individuals’ records since September 2009, 52% of the incidents were attributed to theft, 8% to loss of storage media, such as a laptop computer or thumb drive, and 4% to improper disposal.

Here are some eye-opening numbers from the Ponemon Institute’s Fourth Annual Benchmark Study on Patient Privacy & Data Security:

• Criminal attacks on healthcare systems have risen a startling 100% since Ponemon first conducted its Annual Benchmark Study on Patient Privacy & Data Security study in 2010.
• 90% of healthcare organizations surveyed had data breaches in the last two years, 38% had more than five
• Criminal attacks increased from 20% to 33% in 2012
• The average financial impact of a data breach over the past 2 years is $2 million
• The potential cost to the healthcare industry could be as much as $5.6 billion annually

The healthcare industry is rapidly changing, facing the increased risk of security breaches and new regulatory requirements to prevent them. As organizations continue to transition to electronic medical records and data storage, they have a new and more complex level of responsibility to protect patient privacy. Healthcare executives and information technology administrators need to be re-thinking their data security procedures.

Brass Valley is establishing leadership in IT lifecycle management services for healthcare providers, leveraging the experience and strict protocols developed through years of working with the Financial Services industry. We have been able to save our healthcare clients time and reduce their exposure to risk as they make the transition to a secure electronic data management environment. While every organization faces unique challenges, Brass Valley has the foundation of people process and technology to address any IT Lifecycle Management issues.

Contact us to discuss how we can help you manage your deployments, offline asset management, and secure disposition.

Related Reading:

The Insider Threat: Your Trusted Employees Could Cause a Major Data Breach

Data Breach Is No Longer Just an IT Issue, but a Business Issue

Whitepaper: Embedded Data: Your “Hidden Secret” to Stopping a Major Data Breach — A call for awareness to the security threat of embedded data

About Brass Valley

Brass Valley is an IT Asset Lifecycle Service provider and industry leader in client protection practices. Our combination of processes, products, documentation, and insurance help prevent off-network data breaches, giving your organization the best platform of protection available today. We work with clients and industries such as financial services, healthcare, and the Fortune 1000 where protection of sensitive information is a high priority.