Last year, a Phoenix-based provider of anesthesia and pain management services started to suspect that a third party may have gained unauthorized access to its computer systems. While this particular healthcare provider was unable to confirm or deny the suspected hack, it sent notices to nearly 900,000 patients and employees who may have been affected by the incident, in accordance with the HIPAA Breach Notification Rule.
This rule, which is part of the Health Insurance Portability and Accountability Act, requires hospitals covered by the act to notify the U.S. Department of Health and Human Services (HHS) of any breach affecting 500 or more individuals without unreasonable delay and no later than 60 days following the discovery of the breach.
Between October 2009 and December 2016, there were almost 1,800 similar security incidents, but only 68 percent were reported to HHS, according to researchers from Michigan State University. Most of these data breaches occurred at larger facilities and teaching hospitals. Malicious hackers tend to pick larger targets because the payoff can be much greater if the stakes are high.
Shortly after Hollywood Presbyterian Medical Center lost access to its computer systems in February of last year, the hospital decided that the quickest and most efficient way to restore its systems would be to pay a hefty ransom of $17,000. And the hospital isn’t alone. “The payoff for hackers can be huge. The FBI estimated in 2014 that the extortionists behind the CryptoLocker strain of ransomware swindled some $27 million in just six months out of people whose data they took hostage,” reported Wired.
Combined, data breaches and other security incidents cost American hospitals about $6 billion a year, according to findings of a study sponsored by IBM and conducted by the Ponemon Institute. “It is very challenging for hospitals to eliminate data breaches since data access and sharing are crucial to improve the quality of care and advance research and education,” said Ge Bai, an assistant professor at the Carey Business School. “Data breaches negatively impact patients and cause damage to the victim hospital,” Bai added.
How Imperva Can Help
Because of the high rate of large-scale breaches, hospitals are awakening to the fact that their own DDoS protection and breach prevention mechanisms are often insufficient against increasingly capable attackers motivated by financial gain. Fortunately, leading cyber security software and services providers, such as Imperva, offer sophisticated security solutions that address everything from web application security to DDoS protection, to breach prevention, to cloud and data security, and more.
Imperva can help organizations map out their requirements and turn them into actionable plans. Their DDoS protection services come with a promise of 99.999% uptime thanks to a global network of data centers backed by a 24×7 security team. When the stakes are high, you want to partner with someone who has the experience and industry know-how necessary to guarantee your safety, and Imperva is this company.
With the adoption of electronic record-keeping and connected healthcare information technologies increasing, hospitals and health facilities must take every precaution to ensure the safety and privacy of their patients’ personal information. We can help with this goal at affordable prices and without the IT burden associated with in-house security solutions.