The healthcare industry continues to be a target for hackers because patient information is highly valuable. On February 14, 2019, CBS This Morning reported, citing Experian, that Social Security numbers sell for $1, credit card numbers sell for up to $110, and full medical records sell for up to $1000.
According to an article in the HIPAA Journal on October 21, 2019, 1,957,168 healthcare records were compromised across a total of 36 breaches of over 500 records. The causes of the breaches break down as follows:
- 24 – Hacking/IT incidents
- 9 – Unauthorized Access/Disclosures
- 2 – Theft
- 1 – Loss
Almost half of all the national breaches in September involved phishing attacks. Ransomware attacks are also troublesome for the healthcare industry. One ransomware attack in September, on an OB-GYN provider in Jacksonville, Florida, resulted in 528,188 records reported as potentially breached.
Avoid phishing attacks by:
- limiting the amount of personal information you make public through sites such as LinkedIn, Facebook, etc.,
- implementing multiple layers of approval for major transactions such as requiring two people to sign off on wire transfers,
- taking part in your organization’s security awareness program,
- exercising healthy skepticism,
- verifying identity and not assuming someone is who they say they are,
- deleting emails containing PHI as soon as they are no longer necessary to retain,
- never sharing your password with anyone,
- changing your password regularly and using strong passwords, and
- before clicking any link – STOP. LOOK. THINK.