(844) 411-0404

Protected Healthcare Information Update

Want to see if Cybriant is right for you?

Try a no-risk free trial today!

Short form

human(Required)
This field is for validation purposes and should be left unchanged.

What is Protected Healthcare Information (PHI)?

Protected healthcare information (PHI) under the US law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a Business Associate of a Covered Entity) and can be linked to a specific individual. Your doctors, nurses, and other healthcare professionals need quick access to PHI data (social security info, insurance info, medical device info, etc.), but this is also the most sensitive data. So, how are they protecting it? Security practices have changed rapidly in healthcare over the past few years, but are they getting it right yet?

Healthcare Industry Update

Verizon recently released their 2018 Protected Health Information (PHI) Data Breach Report. They analyzed over 1300 security incidents where PHI was at risk. Here are some quick facts about the report:

 

  • 58% of incidents involved insiders—healthcare is the only industry in which internal actors are the biggest threat to an
    organization.
  • Medical device hacking may create media hype but the assets most often affected by breaches are databases
    and paper documents.
  • Ransomware is the top malware variety by a wide margin. 70% of incidents involving malicious code were ransomware
    infections.
  • Basic security measures are still not being implemented. Lost and stolen laptops with unencrypted PHI continue to be the cause of breach notifications.

Who is behind these attacks?

One of the most interesting findings in the report was the answer to the question, “Who is behind these attacks?”  According to the report, focusing on incidents where data was either confirmed as disclosed or was at risk, internal actors are more common than external—which is unique to the healthcare industry.

 

In the fast-paced world of healthcare, we trust those in charge to take care of us, no matter what. Data security sometimes comes as an afterthought. When money is on the line and bad actors have easy access to our data, fraud can easily happen.

 

Here are the most common breach scenarios:

 

The report goes into detail on each breach scenario and the details on each. The healthcare industry is a highly targeted field and the security measure in place may need correcting. Over half (51%) of the employees were found misusing privileges. But, sometimes that wasn’t discovered for several years.

Being Forewarned is Being Forearmed

A great point from the wrap up from the report: One of the primary value adds of this report is that it’s based on analysis of real-world events. That means that it illuminates some of the main trouble spots you’re likely to encounter and being forewarned is forearmed. Knowing the areas of greatest concern allows an entity to dedicate more of its resources to address those concerns and to some extent mitigate the risk associated with them.

Call us toll free at
844-411-0404
View All Faq's

Enterprise-grade managed security services to fit your mission, needs, and budget.

View All Faq's

Let our award-winning team make sure your business is safe.

Shoot us a message to start a discussion about how our team can help you today.

Main Contact Form

Areas of interest:
How do you prefer to be contacted?
human(Required)
This field is for validation purposes and should be left unchanged.

“5 star company to work with”

Jessie M.

More REviews

Table of Contents

Managed Services
Compliance
Company
  • Cyber Blog
  • Privacy Policy

Call us toll free at 844-411-0404

Managed Services
Compliance
Company

Join our mailing list

Stay up-to-date on the latest news in the cyberverse.

Email Subscription News

I am a human(Required)
This field is for validation purposes and should be left unchanged.
© Cybriant Cybersecurity Services 2024