Healthcare News & Insights

Patient data’s biggest threat: Man vs. machine

In 2015, the healthcare industry experienced 265 recorded cybersecurity data breaches, and those are just the ones that affected more than 500 patients, according to the Office of Civil Rights. While attacks on large-scale providers made headlines, organizations of all sizes are constantly at risk of a breach. In this guest post, Mark Johnson, founder and CEO of a Dallas-based comprehensive healthcare IT service provider, explains hospitals’ risks for breaches and how to avoid them.


Cybercriminals target healthcare providers because of the plethora of personal information patient records contain. With Social Security numbers, birth dates and insurance information all in one place, a stolen healthcare record provides more valuable personal information than just a credit card number.

From small, private practices to nationwide health networks, every provider must be acutely aware of data risks, both from internal employees and new-generation technology used to make patient care more efficient.

Both man and machine can cause significant headaches, including the loss of patient data, a lawsuit or potentially even a ransom note – as Hollywood Presbyterian Medical Center found earlier this year.

But which is the bigger risk?

Security software

When considering data security, we naturally first envision cyber hackers feverishly attempting to gain access to a healthcare organization’s database through an intricate series of code and computer viruses. The success of the majority of external threats is primarily due to a lack of proper security software.

Whether utilizing a cloud-based system or physical data centers, all technology should have multi-layered security software installed. The system should constantly scan for potential threats, encrypt data, alert the IT department and begin to combat an attack immediately.

A complex security solution allows healthcare executives to have peace of mind in case a physician’s laptop is stolen or if cybercriminals attempt to duplicate the server password. Effective security software will ensure patient records are still safe because there are multiple levels of protection.

Additionally, remember to continuously check for updates, as out-of-date software could protect against an older bug but not always against the latest versions of a virus, leaving patient data vulnerable.

Human error

While external threats that “hack” the system receive significant attention, human error is actually the No. 1 cause of data breaches. Oftentimes patient data is vulnerable due to a simple employee mistake, such as a physician losing his or her laptop or an employee using public Wi-Fi on their mobile device.

The smallest errors in judgment can be the key that allows intruders to gain unauthorized access to the patient records system, often without the knowledge of the employee.

To mitigate incidental employee threats, healthcare providers should implement regular training for employees of all levels. Basic presentations on password protection, the dangers of public Wi-Fi and encrypting laptops, cell phones and other mobile devices are essential to maintaining a safe and secure cyber environment. Additionally, in-depth trainings on more complex concerns, such as how to spot a phishing scam, will ensure employees are informed and less likely to create a cybersecurity crisis.

There are circumstances when disgruntled employees have accessed and shared patient data before being dismissed. While these cases are rare, the potential threat should not be ignored. Each employee should only have the appropriate level of administrative access needed to do his or her specific job, and that access should be terminated immediately if suspicious behavior is observed.

Be prepared

With patient data being sold and traded on the black market, data security cannot be a problem for the IT department alone; it is a problem for every employee throughout an organization.

To determine potential weak spots in an organization, executives should conduct yearly, thorough reviews of all points of intrusion, as well as each employee’s level of access. From system backups and software updates to portable devices and connected medical equipment, all IT systems should be examined to determine if appropriate security measures are in place.

Additionally, every healthcare organization should establish a breach response plan that outlines necessary action steps and team responsibilities in case an attack occurs. While it may seem unnecessary or too cumbersome to create such a plan, the moment a threat appears, having detailed instructions prepared will save valuable time in mitigating the attack and protecting patient information from being captured.

Today, it’s not a matter of if an organization will be breached, but when. Healthcare organizations of all sizes must take the time to invest, prepare and implement security solutions, while constantly analyzing the workplace for potential threats.

By taking the time to prepare before a breach happens, healthcare providers can ensure patient data will remain safe from both man and machine.

Mark Johnson is the founder and CEO of MedNetwoRx, a Dallas-based comprehensive healthcare IT service provider.
