Size up the risks with data security in business and healthcare

man_in_glasses_sitting_with_tablet
WORKING WITH US
image of this article's author, Natasha D'sa
Natasha D'sa
Vice President

This story is the first in a series about secure data management and data security breach prevention — in the healthcare industry and all businesses. Here, we explain some of the most common security issues and discuss why it’s essential your benefits vendors secure, manage and verify your data.


Your benefits package helps protect members and employees from health threats. But how well are they — and you — shielded from unexpected data security threats?


In some cases, not enough. In fact, if you combined the populations [1] of Chicago and Houston, you’d have the total of patient records affected by just the top 10 healthcare data security breaches in 2018. [2] That’s more than 5 million records, and that’s just the top 10. Indeed, 94% of healthcare organizations have experienced at least 1 security breach in the past 2 years,[3] affecting 41% of the U.S. population.[4]


But the threat extends well beyond healthcare and the information in, say, your benefits packages. Every day, 7 million data records are lost or stolen (adding the population of Philadelphia to that list of cities). [5] Massive data breaches at major companies, even at NASA, [6] underscore the unavoidable reality that information security is not a “nice to have,” it’s necessary across all industries — even those that commute to space.


These incidents could cost a company much of its business, by undermining its reputation. This is why selecting the vendor organizations that will secure your data is as important as choosing members of an executive team.


Data security threats are mainstream
Personal health information is especially vulnerable because it can fetch a higher price than other data on the black market (we’ll explore just how much in our next story in this series).[7] And once stolen, that data is usually trading hands among bad actors before the owner even knows it.


It can take a company, regardless of industry, an average of 6 to 7 months just to discover a data breach, and then another 69 days to contain it, according to research by the Ponemon Institute. [8]


This is not the target company’s fault; it could be taking many in-house precautions. But hackers are shrewd. So ask yourself: Do you know if your benefits vendor is equipped to secure, manage and verify personal data for your employees and clients?


Secure data management: The basics you should demand

Full data protection, the kind that allows you to sleep at night, demands state-of-the-art systems for secure data management. And brokers and employers should expect this from their benefits companies.


The vendors should also have a dedicated team and practices that follow rigorous standard protocols to protect your information. You’ll want to see things like end-to-end encryption (scrambled words or codes), round-the-clock monitoring, regular 2-factor authentication login and third-party certifications and scrutiny.


This is just a short sampling of the basics that you should expect from your vendor.


Double check your information security

At the same time, there are ways to protect yourself and your employees — now.


Hackers are fast. In the time it might take a cyber-criminal to infiltrate a computer system via a fake “technical support” email to an employee, millions of records could be jeopardized. And just 1 million exposed records could cost a company up to $40 million, according to the Ponemon Institute’s 2018 data breach study.[9]


You may never be among those companies, especially if you take precautions. To learn more what your benefits vendors should be doing to assure data protection, read our past blog, Who’s watching your data? 6 questions to ask a potential vendor.



And if you’d like to share information about data protection and the security challenges businesses face today with your colleagues, download our data security threats in healthcare infographic. Knowledge is the first step to protecting your company, and your employees, from a security invasion.



In the next article of this series, we’ll investigate personal health information (PHI) as a specific target of hackers and the role of your vision benefits supplier in protecting them.



If you liked this article, you may also want to read:

Questions you should ask benefits companies to make sure your employees’ data is safe



BL-1901-CB-109


1. “The 10 Largest Cities by Population,”Moving.com, March 16, 2018, https://www.moving.com/tips/the-top-10-largest-us-cities-by-population/ reviewed Dec. 20, 2018
2. “The 15 Largest Health Data Breaches in 2018,” by Joseph Goedert, Health Data Management, Dec. 14, 2018, https://www.healthdatamanagement.com/list/the-12-largest-health-data-breaches-of-2018, reviewed Dec. 19, 2018
3. From white paper, citing: SecurityMagazine.com https://www. securitymagazine.com/articles/89315-five-steps-to-developing-a-healthcare-information- technology-security-plan
4. From white paper, citing: The HIPAA Journal https://www.hipaajournal.com/security-breaches-in-healthcare-in-the-last-three-years/
5. From white paper, citing: Data Privacy and New Regulations Take Center Stage"; 2018 Breach Level Index Report by Gemalto; accessed October 2018. SecurityIntelligence.com (2018) https://securityintelligence. com/ponemon-cost-of-a-data-breach-2018/
6. “NASA discloses data breach,” by Catalin Cimpanu, ZDNet, Dec. 19, 2018, https://www.zdnet.com/article/nasa-discloses-data-breach/, reviewed Dec. 20, 2018
7. From white paper, citing: The Washington Post (May 2015) https://www. washingtonpost.com/news/the-switch/wp/2015/02/05/why-hackers-are-targeting-the- medical-sector/?utm_term=.295c46e40605
8. From white paper, citing: Ponemon Institute 2018 Cost of a Data Breach Study: Global Overview (pg. 4) https://www. csoonline.com/article/3251606/data-breach/what-does-stolen-data-cost-per-second.html
9. From white paper, citing: SecurityIntelligence.com (2018) https://securityintelligence.com/ponemon-cost-of-a-data- breach-2018/

BL-1903-C-220