7 VITAL FACTS ABOUT HEALTHCARE BREACHES. www.eset.com

Similar documents
THE FIVE NEW PCI COMPLIANCE RULES YOU NEED TO KNOW

SOCIAL ENGINEERING AND WHY IT HAPPENED TO YOU

2010 Data Breach Investigations Report

I ve been breached! Now what?

THE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY

DESlock+ Basic Setup Guide ENTERPRISE SERVER ESSENTIAL/STANDARD/PRO

Cyber Security An Exercise in Predicting the Future

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology

How-To Guide: Cyber Security. Content Provided by

THE COST OF A DATA BREACH FOR HEALTHCARE ORGANIZATIONS

Overview. Figure 1 - Penetration testing screenshot examples showing (i) PACS image and (ii) breached Electronic Health Record system

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity

Keeping your VPN protected

Network Security & Privacy Landscape

8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice

The Impact of HIPAA and HITECH

10 Quick Tips to Mobile Security

SHS Annual Information Security Training

Reducing Cyber Risk in Your Organization

National Cyber Security Month 2015: Daily Security Awareness Tips

Compliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations

Protecting Your Business from Costly Data Theft: Why Hardware-Based Encryption Is the Answer

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Protecting What Matters Most. Terry Ray Chief Product Strategist Trending Technologies Session 11

A Case for Review of Your Network Privacy and Security Policies

Security and Privacy of Electronic Medical Records

Why Secure Communication Software is Critical for HIPAA Compliance

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. rny@crlaw.com Phone: (336)

ITAR Compliance Best Practices Guide

HIPAA and Health Information Privacy and Security

CYBERCRIME AND THE HEALTHCARE INDUSTRY

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

Medical Information Breaches: Are Your Records Safe?

Teradata and Protegrity High-Value Protection for High-Value Data

Protecting personally identifiable information: What data is at risk and what you can do about it

for businesses with more than 25 seats

Data Security Best Practices & Reasonable Methods

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

5 Tools For Passing a

How To Find Out What People Think About Hipaa Compliance

Franchise Data Compromise Trends and Cardholder. December, 2010

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Understanding Layered Security and Defense in Depth

A 5-STEP PLAN TO PREPARE FOR HEALTHCARE. A Complimentary White Paper from

Intro. Tod Ferran, CISSP, QSA. SecurityMetrics. 2 years PCI and HIPAA security consulting, performing entity compliance audits

10 Smart Ideas for. Keeping Data Safe. From Hackers

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training

AB 1149 Compliance: Data Security Best Practices

UIT Security is responsible for developing security best practices, promoting security awareness, coordinating security issues, and conducting

Information Security Addressing Your Advanced Threats

Preemptive security solutions for healthcare

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

HIPPA Goes HITECH. Data Protection for Agents

HIPAA Security Alert

Compromises in Healthcare Privacy due to Data Breaches

Senaca Shield Presents 10 Top Tip For Small Business Cyber Security

2015 VORMETRIC INSIDER THREAT REPORT

Driving Company Security is Challenging. Centralized Management Makes it Simple.

2015 DATA BREACH INVESTIGATIONS REPORT

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security

Healthcare Information Security Today

Nine Network Considerations in the New HIPAA Landscape

Information Security It s Everyone s Responsibility

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

ADMINISTRATORS SERIES PRIVACY AND SECURITY AT UF. Cheryl Granto Information Security Manager, UFIT Information Security

OCR UPDATE Breach Notification Rule & Business Associates (BA)

The Business Case for Security Information Management

Securing Health Data in a BYOD World

INVESTIGATIONS REPORT

Information Security It s Everyone s Responsibility

Cybersecurity Workshop

Guide to Preventing Social Engineering Fraud

Network Security & Privacy Landscape

BEFORE THE BREACH: Why Penetration Testing is Critical to Healthcare IT Security

Data Security Incident Response Plan. [Insert Organization Name]

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper

Protect your laptop with ESET Anti-Theft

IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE. Part I: Reducing Employee and Application Risks

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

DISCLAIMER AND NOTICES

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy

Checklist for Breach Readiness. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow

White Paper. HIPAA-Regulated Enterprises. Paper Title Here

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

Information Technology Security Review April 16, 2012

Securing Virtual Desktop Infrastructures with Strong Authentication

Commissioned Study. SURVEY: Web Threats Expose Businesses to Data Loss

The 2014 Bitglass Healthcare Breach Report

Whitepaper. Advanced Threat Hunting with Carbon Black

HIPAA and Mental Health Privacy:

Transcription:

7 VITAL FACTS ABOUT HEALTHCARE BREACHES www.eset.com

7 vital facts about healthcare breaches Essential information for protecting your business and your patients Large breaches of Personal Health Information (PHI) are regularly disclosed and publicized, and it s evident that this data is highly prized by cybercriminals. According to the FBI, healthcare organizations are a target because they are not as well-protected as more obvious targets such as financial institutions and retailers. 1 A review of recent breach incidents reveals that smaller organizations with limited IT resources are especially prone to compromise. 2 However, organizations of all sizes must adopt a practical approach to understanding and closing the biggest vulnerabilities. Fact #1: Theft and loss trigger nearly half of breach incidents Your greatest nemesis isn t criminal hackers. They are laptops and removable drives. Lost or stolen assets figured in 45% of all healthcare data breaches. Tip: Encrypting PHI is the best preventive measure you can implement. It doesn t prevent loss or theft, but it keeps data that falls into the wrong hands from being read, making it useless. Given the frequency of these incidents, and that encryption removes the federally mandated reporting requirements, there is simply no reason not to encrypt data on any device that might be a target for theft whether it s in the office or carried home. Fact #2: Some of the weakest links in your defenses are human, not technological Overall, 20% of incidents involved misuse of privileges (the snooping employee being one example) and another 20% involved various kinds of human errors such as violating policies and misaddressing email. Tip: Educating employees on safe data handling and computing practices is the best defense here. Encrypting data sent in emails and on devices can help as a secondary measure, but there is no substitute for knowledgeable employees who understand safe practices and the consequences of a breach. 1 FBI Cyber Division, Health Care Systems and Medical Devices at Risk for Increased Cyber Intrusions for Financial Gain, 8 April 2014 2 2 Verizon, 2015 Protected Health Information Data Breach Report. We acknowledge this report for the bulk of the data presented in this document. 3

Fact #3: Smaller practices suffer more data breaches Of breaches involving healthcare organizations, 55% involved ambulatory practices, mostly smaller physician practices and clinics. Only 40% were at hospitals. (The remainder, approximately 5%, were at skilled nursing facilities and social-assistance organizations.) Tip: If you assume that your size makes you less vulnerable, shed that false sense of security. The data you have is every bit as valuable to data thieves, and they think you re a better target because they expect your defenses to be weak. Fact #4: High-volume breaches get the headlines, but stolen credentials remain a threat Big breaches of medical records stored in databases get the headlines, and rightfully so given the numbers of records exposed. But individual credentials are also a target, and provide an entrée to larger compromises. Keyloggers, phishing schemes and simply guessing insecure passwords are all common avenues. Tip: First, practice basic security by requiring strong passwords. Install layered security at your endpoints that detects attempts to plant keyloggers, uses multiple methods to stop phishing emails from reaching inboxes, and blocks workers from visiting suspect sites. If you allow access from outside your network, implement two-factor authentication to protect against compromised passwords. Fact #5: There s gold in your trash While employee errors are more prevalent at hospitals than smaller ambulatory practices, there s one big exception: employee errors that fall under the category of improper disposal. It is responsible for 38% of employee error incidents at smaller practices, compared to 22% at hospitals. Tip: Remind your staff about safe disposal procedures. While many of these incidents involved paper records and films that were left in dumpsters, others were caused by electronic devices with disk drives or flash memory that still contained data. Encryption remains a best practice for any portable device. 4 5

Fact #6: A few measures will give you the biggest bang for your security buck Data breaches often begin with a single event or an attacker exploiting some vulnerability; this triggers a chain of events that eventually leads to data being exposed or compromised. Theft, compromised physical security, abuse of privileges, phishing attacks and data mishandling are the most common initiators. Tip: If you can put a stop to the most-common initiators, you can make your organization three or four more times complex to attack. Anywhere you can interrupt the chain that leads to data compromise will help protect your PHI. For instance, even if you can t stop all theft, you can implement encryption on your most vulnerable devices so if the item is stolen, it will be inaccessible to thieves. 6 7

Fact #7: Fear of breaches is compromising medical care This is the most alarming statistic for healthcare providers. A recent study found that 21% of patients more than 1 in 5 are withholding information from providers because they fear their personal, confidential information being exposed in a data breach. 3 Given that physicians rely on patients to be forthcoming about their symptoms and to trust the confidentiality of the doctor-patient relationship, this could have a chilling effect on the ability to diagnose and provide the most appropriate medical care. Tip: Despite the incidence of data breaches, security has been on the back burner as smaller practices struggle to keep up with new mandates. There are, however, ways to implement security that will protect your patients and secure their trust without overburdening your IT staff. Healthcare incidents vs breaches NUMBER OF SECURITY INCIDENTS 234 SMALL 51 LARGE 38 UNKNOWN 145 CONFIRMED DATA LOSS 141 SMALL 31 LARGE 25 UNKNOWN 85 Source: North American Industry Classification System (NAICS) census.gov/eos/www/naics 3 Software Advice, HIPAA Breaches: Minimizing Risks and Patient Fears, IndustryView 2015 8 9

Learn more about how to protect your business s important files on hard drives, portable devices and email with ESET s DESlock+ encryption solutions. By delivering encryption across all aspects of your enterprise, DESlock+ helps ensure your key asset your data is always secure. About ESET Endpoint Security ESET Endpoint Security is the easy, effective way to protect healthcare companies of all sizes. By protecting all your devices, including servers, desktops, laptops, tablets and smartphones, it keeps your systems protected against malware and addresses patient privacy as well as HIPAA, HITECH, and PCI compliance. Remotely managed from a central administrative console, this comprehensive protection streamlines security so IT staff can focus on improving the patient experience and quality of care. For over 25 years, ESET has been developing industry-leading security software for businesses and consumers worldwide. With security solutions ranging from endpoint and mobile defense to encryption and two-factor authentication, ESET s high-performing, easy-to-use products give users and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running uninterrupted. For more information, visit www.eset.com. 1999-2016 ESET, LLC, d/b/a ESET North America. All rights reserved. ESET, the ESET Logo, ESET SMART SECURITY, ESET CYBER SECURITY, ESET.COM, ESET.EU, NOD32, SysInspector, ThreatSense, ThreatSense.Net, LiveGrid and LiveGrid logo are trademarks, service marks and/or registered trademarks of ESET, LLC, d/b/a ESET North America and/or ESET, spol. s r.o., in the United States and certain other jurisdictions. All other trademarks and service marks that appear in these pages are the property of their respective owners and are used solely to refer to those companies goods and services. 10 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information