March 28, 2018
High-profile data breaches are constantly in news headlines. These security concerns are leaking into the healthcare world, with a rise in data breaches over the last several years. Ponemon’s Annual Benchmark Study on Privacy and Security of Healthcare Data found that almost 90 percent of healthcare providers experienced at least one breach in the last 24 months. Another 40 percent of those had more than five breaches.
Perpetrators will attempt to steal all data types, including medical records, payment details, and insurance information. Common target areas are medical files, billing & insurance records, payment details, monthly statements, scheduling details, and prescription records. Hackers generally profit from their attempts by selling the data for cash or holding data hostage for ransom.
In a healthcare system, the weak points of payment security include point-of-sale (POS) systems, websites, and malware. POS software is typically targeted in a data breach, as it can allow the installation of malware. Healthcare providers are moving toward online payment and mobile device transactions as well – security in these access points is also critical.
The first step in creating a solution is to understand the problem. Cyber attacks on healthcare organizations are on the rise, increasing 320 percent from 2015 to 2016 according to a 2017 Redspin report. To address the elevated threat, healthcare organizations need solutions that:
Payment Card Industry Data Security Standards Compliance (PCI-DSS) is the generally recognized set of security standards that organizations must adhere to if they accept credit card payments. The basic policies include controlling card data access, monitoring and tracking card data, and addressing information security within the organization and with third-party vendors. Compliance with PCI-DSS requires ongoing attention and vigilance.
To ensure security, a layered approach is recommended – above and beyond the PCI-DSS standards. Additional tools are available to reduce fraud and discourage hacking. These include:
A comprehensive approach to data security, including and especially in the payment process, is critical to keeping patient data secure during their healthcare interactions. For more information and access to the tools and solutions to increase security, request a demo or connect with us on Twitter, LinkedIn, or Facebook to learn more.