Data breaches have been on the rise ever since the inception of the HITECH Act. Organizations in the past have been required to be transparent about any breaches, such as unwarranted disclosures of confidential patient health information.
Credible research from a leading information security group has revealed that the year 2014 may be the worst year for healthcare information security. This has been in part, attributed to the vulnerability of government websites such as ‘healthcare.gov’.
The group called Experian, had the following to say about breaches in data, “”The volume of IPs detected in this sample can be extrapolated to assume that there are millions of compromised healthcare organizations, applications, devices and systems sending malicious packets from around the globe.”
Major attention is usually given to the usual occurrences such as hacks and attempts of thievery, whereas the attention should also be focused towards acts of carelessness such as hardware that is lost or stolen, non-encrypted computer databases, lack of internet security software and papers containing confidential and crucial patient health information left unattended at public places.
There is a dire need for mass awareness about the repercussions of mismanagement of healthcare data. People do not realize how integral the safety of healthcare information is to the industry as a whole.
For people to start taking the security of healthcare data seriously there are a number of steps that can be taken.
Recently, a report estimated that around 50,000 events of malicious nature took place between the last quarter of 2012 and the last quarter of 2013. Stats like this show how far the threat has penetrated and how people keep on ignoring it. Part of the problem is that data security is not being taken as seriously as it should. People believe that installing mere antivirus software on the computer will keep all of their files, folders and databases secure and no one would be able to hack into the system, whereas there should be numerous physical and administrative safeguards as well.
Healthcare regulatory bodies and healthcare security enforcement agencies should start using traditional above-the-line marketing methods such as print, radio and electronic advertisement to increase awareness and list preventive measures for data security such as keeping different passwords, locking the computers, and have encrypted databases to name a few.