Last year was a bad year for data breaches, with no industry or organization apparently immune, and the 2014 healthcare data breach forecast suggests things are likely to get a lot worse before they get better.
Millions of Americans have now had their healthcare data exposed and face an elevated risk of suffering identity fraud. Many individuals have been notified that their data has been exposed by different healthcare providers, insurers and government departments. The 2014 healthcare data breach forecast predicts more of the same.
Even when the best defenses have been put in place, data breaches are still suffered. Last year, hackers managed to break through the security defenses of many healthcare providers, but the biggest causes of data breaches in 2014 were employee negligence and bad decisions by the staff. Laptops were left in unattended vehicles or out in plain sight in hospitals; employees had a sneaky peek at the health records of fellow employees and patients; data was inadvertently allowed to be indexed in search engines; firewalls were accidentally turned off; and employees caused Privacy Rule violations with emails and text messages.
Fortunately, healthcare providers have started to implement new controls to protect the data they hold on patients, and HIPAA Rules are now finally being adhered to. Unfortunately, while things are moving in the right direction, there is still a long way to go.
2014 Healthcare Data Breach Forecast
InformationWeek has predicted the number of healthcare data breaches is likely to grow significantly in 2014, both in terms of the number of incidents experienced and the number of records that are exposed in those data breaches. Large healthcare organizations may already have made the transition to electronic health records and implemented the safeguards to protect data, but small to medium-sized healthcare providers are some way behind and are struggling to meet the standards required by HIPAA.
One of the main problems is that many organizations have yet to realize that data security is now an integral part of the provision of medical care. Resources need to be diverted to ensure that any data recorded, stored or transmitted is always kept secure and protected from prying eyes.
Staff need to be trained on HIPAA Privacy Rules and instructed on the permitted disclosure of Protected Health Information (PHI) and Personally Identifiable Information (PII). The staff must become more security aware, and policies and procedures covering the use of physical and electronic records need to become second nature.
Security defenses need to be improved, constantly monitored and updated, and more robust protections put in place to prevent hackers from gaining access. Companies that invest heavily in IT security and become HIPAA compliant are more likely to weather the storm. But achieving compliance can take time. 2014 is likely to see even more breaches, unless healthcare providers and other HIPAA-covered entities work faster to plug security gaps.