What to Learn from the Biggest Health Data Breaches of 2017

By ABI - November 7th, 2018

Like years before it, 2017 was another big year for health data security breaches, with many large healthcare companies struggling under legal liability and damaged reputations. While 2017 wasn’t the worst year on record for health data breaches, there were still several major data security incidents that impacted millions of individuals.

Because law firms and claims offices regularly handle sensitive healthcare data, it has never been more important for them to adopt best practices for data security. While data breaches almost always have a negative impact, they also offer an opportunity to learn from past mistakes and implement procedures designed to help prevent future mishaps. Here are key takeaways about health data security in light of the major data breaches of 2017.

It’s Important to Partner with the Right Document Management Vendor

Healthcare IT News reported numerous healthcare data breaches that impacted thousands of patients. For example, the Henry Ford Health System experienced a breach that exposed the personal information of over 18,000 patients. In Arkansas, a cyberattack exposed the personal data of 128,000 patients.

A radiology center in Michigan suffered a data breach that compromised the data of 106,000 patients. A medical center in Los Angeles informed its patients in June 2017 that it had been hit with a ransomware attack that impacted over 266,000 patients.

While the exact nature of these cyber-attacks varies from provider to provider, many data breaches result from weaknesses in security software and apps created and maintained by third-party vendors. With so much patient data on their hands, most healthcare providers also use document management systems to store and manage their records.

Few record custodians have the tech capability to protect their patients’ data on their own. As a result, they turn to third parties to provide encryption. It’s important to understand that security apps and software vary. Because data security is such a major concern, any document management provider you choose should offer the most rigorous security available. Andreas Rivera of Business News Daily offers several guidelines for choosing the right document management system provider.

When you search for a document management system, Rivera says you should look for one that offers:

  • An Easy-to-Use File Structure – Your document management system should make it easier and faster to accomplish your tasks. By no means should the system you choose make your work slower or harder. At ABI, we like to refer to our document management system as our clients’ “electronic filing cabinet.” With everything in one easy-to-locate spot, you can pull up the documents you need with just a few clicks of your mouse.
  • Search Features – One of the benefits of using electronic document management and storage is the ability to find documents in seconds rather than spending hours sorting through paper files. A good document management system should offer easy search capabilities that speed up your work process rather than slowing it down.
  • Ease of Use – Does the document management system routinely stump employees? Or can people begin using it after a basic tutorial? If it’s difficult to learn and manage, employees are likely to avoid using it at all.
  • Mobile Access – The world and the workplace are going mobile, and your office has no choice but to keep up with the changing nature of work. As a result, your document management system should offer mobile features that make it possible to securely access documents from mobile devices, such as smartphones and tablets.
  • Integration – Does the document management system integrate with your existing systems, such as billing software? The document management system should be compatible with other important software you depend on to run your business.
  • Scanning Ability – While the world is rapidly shifting to electronic documents, paper is still a big part of document management. Your document management system should give you the ability to scan paper documents into the system.
  • Security – Perhaps most importantly, your document management system should offer the latest encryption and security.

At ABI, we know that record retrieval doesn’t stop with the delivery of records. Once you have the records you need, you must store them in a way in which they’re available for future access. In other cases, law firms and claims offices have an obligation to maintain records for a certain number of years. This is why we have created advanced document management tools that help our clients manage and organize records all within a single platform.

Security Starts with Employees

Many data breaches result from employee misconduct or simple mistakes. Healthcare companies and records custodians are learning that employees are the first line of defense when it comes to protecting data. Jacqueline von Ogden of CIMCOR offers helpful tips and best practices for helping employees understand their vital role in safeguarding sensitive data.

  • Talk About Phishing Scams – Phishing scams are a popular tool of cyber criminals, as they are easy to insert in innocuous-looking emails. All it takes is one employee clicking on a link, and a company’s entire network could be at risk. Companies can combat phishing scams by training employees in best practices for handling emails. Tips include only opening emails from people you know, deleting emails that look suspicious and alerting a superior or manager when a strange-looking email comes through the system. Companies should never assume that employees understand phishing scams.
  • Use Proper Password Protocol – Weak passwords have been the downfall of some of the biggest corporations in the world. Best practices for passwords include using long strings of both upper and lower-case letters, along with combining letters, numbers and symbols. Employees should avoid using common words and dates, such as a pet’s name or a spouse’s birthday. If it’s easy to remember, it’s probably easy for a hacker to guess.
  • Be Careful with Software Downloads – It’s a best practice to ensure that no one in your organization downloads software without running it past your IT department or a supervisor. Corrupted software can compromise your network security, leaving your data exposed to cyber thieves. It’s especially important to make sure employees know not to download software from emails.
  • Discuss Security Planning Often – As with any kind of plan, it’s important to update your network security procedures on a regular basis. Technology evolves at a rapid pace. If you fail to keep up, you won’t be prepared if disaster strikes. The most effective security plans include contingencies for all types of data loss, including natural disasters like floods and fires, as well as the full gamut of breaches, including phishing scams, ransomware and viruses. Being prepared may not stop a breach, but it will definitely help a company contain it and prevent widespread damage.

It’s also important to control access to data. If an employee isn’t an essential team member for a particular task, assess whether that employee truly requires access to sensitive data. The fewer people with access, the less likely you are to experience a data breach caused by an internal mistake.

Healthcare Is a Prime Data Theft Target

Perhaps more than any other industry, healthcare is a treasure trove of sensitive data. In addition to personal information like social security numbers and birthdates, medical records contain financial information that can give cyber thieves access to bank accounts and insurance records. A 2017 survey from Accenture reveals that 26 percent of all American consumers were impacted by healthcare data breaches in 2017.

As Nate Lord of Digital Guardian writes, “Additionally, the survey also found that 50% of breach victims eventually suffered medical identity theft, with an average of $2,500 out-of-pocket costs. Even worse, half of the survey respondents reported that they learned of the breach themselves – as opposed to an official company or law enforcement notification – after they had been alerted to an error on their benefits explanation, credit card statement, or similar documents.”

If the past few years have proved anything, it’s that healthcare data theft isn’t going away — and it’s a problem that is likely to get worse. As Lord notes, “In the past five years, we’ve seen healthcare data breaches grow in both size and frequency, with the largest breaches impacting as many as 80 million people.”

Fortunately, healthcare companies don’t have to be sitting ducks for identity thieves and cyber criminals. Records custodians in the healthcare industry can and should take steps now to safeguard data. Otherwise, they risk significant non-compliance fines, potential legal liability and a loss of public confidence.

Contact ABI Document Support Services Today

At ABI Document Support Services, we help law firms and claims offices manage and secure sensitive records with the most advanced data encryption on the market. We also provide innovative document management solutions for our clients. Get in touch to learn how we can help your organization. Call our record retrieval experts today at 800-266-0613 or use our contact form to schedule a demo.