5 important takeaways from the 2013 Verizon Data Breach Report for Healthcare providers

1. “A definite relationship exists between industry and attack motive, which is most likely a byproduct of the data targeted.”

This is a refrain repeated several times throughout the report.  Given that a significant share of attacks come from malicious actors whose sole aim is to steal data for monetary gain, the data that an entity holds is an important variable to consider.

In the case of healthcare entities, the data they hold is valuable in multiple ways.  Billing information holds an individual’s payment method, as well as identifying information like a Social Security number.  That is compounded by the fact that, according to experts, a medical record can be worth over 20 times what a Social Security number and credit card number would be worth.

2. “76% of breaches exploited weak or stolen credentials”

This is a common problem, especially in smaller practices.  One easy solution that is not used to the extent it should be: training.  Even as part of HIPAA compliance, users should be trained in properly creating strong passwords that aren’t replicated anywhere else online.

3. “75% driven by financial motives, 78% of initial intrusions rated as low difficulty”

While there are a staggering number of attacks and breaches each year, these incidents are also mostly preventable by applying known methods of increasing security.  Don’t be afraid that you need to reinvent anything. Rather, you just need to do the network equivalent of locking your door.

4. “69% discovered by external parties, 66% took months or more to discover”

If you’re not applying the security techniques that your firm should be, a breach will likely be embarrassing, whether it is discovered publicly or the event goes on for so long that it compromises the records of nearly all your patients.  Take action to become compliant now.

5. “Ensure essential controls are met: regularly check that they remain so”

Security isn’t a one-time thing.  Regularly completing a Risk Assessment of the vulnerabilities that your practice faces is an important step in becoming compliant and secure.


For the entire report, download it here.

If your firm needs assistance preventing data breaches, please reach out to EMRSoap here.

