[ Wednesday, July 01, 2015 ]
Cybersecurity: The New Front Line in the HIPAA Security War?
Jeff [2:33 PM]
Some recent headlines have indicated that a majority of HIPAA breaches are now the result of "intentional" or "criminal" actions; that may be true, but the implication that the theft of the data is intentional isn't. In most cases involving theft, a phone, laptop, or other valuable asset is the true target of the "intentional" or "criminal" act, not the data on the device.
However, it is true that intentional attempts to steal data have dramatically increased through cybersecurity incidents. Two-thirds of respondents to this HIMSS survey said their organizations were victims of some form of cybersecurity issue recently. Obviously, the respondent pool is primarily made up of large healthcare businesses and not small practices, so this could be over-represented; but it's also true that HIMSS members are much more likely to be focusing on, and defending against, cyber intrusions. Smaller operators, like smaller physician practices, aren't as attractive a target in terms of the amount of data that could be stolen, and are also less likely to be as interconnected as a large business. On the other hand, their defenses will be much lower.
A la Willie Sutton, cyber thieves will always target the big players because "that's where the data is." But small providers have just as much to worry about: cyber thieves would like a more "target-rich environment," but might also be attracted to the lack of safeguards and protections in the small provider community.
As always, now is a good time to take a look at what you're doing to find your vulnerabilities, fix your weaknesses, cover your risks, and prepare for bad incidents. When did you last do a risk analysis, and did you address cybersecurity specifically?