Security Check by Bret Piatt
Jul 15, 2016

Cyberattack Rate Doubles in the Healthcare Industry

HIPAA Risks and Healthcare Attack Research

New research from Ponemon Institute indicates that healthcare organizations are under attack. Breaches are up 100 percent since 2010. These breaches cost the industry roughly $5.6 billion a year, not including the fines and penalties associated with HIPAA violations. 91% of small healthcare practices have reported suffering a data breach or data loss in the past 12 months.

Data Breach Stories

Patient Records Held for Ransom

Imagine logging into your computer system one day only to find a ransom note from a hacker demanding money in exchange for the safe return of patient records. This happened to Dr. Derm’s medical practice in the greater Chicago area – and he wasn’t prepared. Hackers broke into the office server, encrypted the patient data and gave an ultimatum: pay the ransom or never see your patients’ data again. Dr. Derm paid the hefty blackmail to get his records back. Unfortunately, he also had to pay HIPAA violation fines, suffered negative press, lost reputation, and had significant patient attrition.

81 percent of all data breaches happen to small businesses.

Dental Office Struggles to Recover from Cyberattack

When California dentist Catherine Steinborn’s server was compromised, she never anticipated the stress and financial impact it would cause her. Information including Social Security numbers, medical insurance information, billing information, and patient addresses and phone numbers was stolen. Dr. Steinborn had to commit to paying for free credit monitoring and identity restoration for every single patient.

$150,000: the average direct cash cost of a data breach for a medical practice with 2,000 patients.

How To Pick The Best HIPAA Compliant Data Security Solution

1. Ask for details about the data centers where your backup data will be kept

Keeping sensitive data on a portable device is not recommended – it is better to store your data in an offsite location with a secure environment, such as a HIPAA compliant data center with the proper physical and network security in place to protect PHI and prevent a data breach. Your data backup provider should tell you where their data centers are and what audits they undergo, and back that up by providing a HIPAA Business Associate Agreement (the Jungle Disk BAA is available for download). Jungle Disk stores all data in Amazon Web Services or Rackspace facilities in the United States or the EU (Ireland).

2. Ask how the internet network security will defend against all types of threats

David Finn, health IT officer at Symantec, said all of the provider organization executives he spoke with at the recent 2016 Annual HIMSS Conference and Exhibition told him they had noticed an uptick in the number of ransomware hits.

“We have the tools to catch these attacks nowadays, but you cannot do it with a single product, you need a multi-layer defense strategy – if your end-point protection doesn’t stop a ransomware hit, for example, then maybe your network protection will get it,” Finn said. “Maybe a ransomware hit comes in through a web gateway rather than an e-mail, or maybe through a jump-drive someone got from who knows where. You cannot just look at e-mail and say all the bad stuff is coming in this way, you have to have multi-layered products, correlate data from these products, and use that intelligence.”

Recommended layers of protection:
- Firewall
- Intrusion detection and prevention (IDS / IPS)
- Anti-malware and anti-ransomware defense
- Web content filtering
- Data leak and data loss prevention (DLP)

We offer a free network security test, and we know that with our unified threat management solution in place you’ll pass all 7 checks. We’re even confident enough that we provide a $10,000+ data breach guarantee.

3. Ask what they’ll do for you if an incident happens

In the unfortunate situation that a problem does occur, the last thing you want to do is wait hours or days for a reply to a technology support ticket or sit listening to hold music. Your provider should have experts available to you via phone with little to no wait. Find out if their experts will help you through the data recovery and restoration process, or if they’re only there to help if you are stuck installing their software. When you have an incident, you will need some of your data restored right away: the records you need to do business today. They should be there to help you find the urgent data, and then follow up to ensure all the rest of your information is recovered and restored once the crisis is handled.

We’ve secured business data for over a decade and have a top-rated customer service organization available via both web chat and phone in real time. They’ll also screen share to walk a customer through more complex issues.

Data security is more important now than it has ever been for medical groups and individual practices. The cost of putting the right solution in place is now much lower than the cost of doing nothing and hoping it doesn’t happen to you.