Breaches get observed in the healthcare sector due to a host of incidents. Credential-stealing malware is one type where an insider deliberately or accidentally discloses a patient’s sensitive data and targets to sell it.
The most sensitive data in healthcare organizations
When we speak about data breaches, have you ever thought about what kind of data gets stolen in a healthcare company? When an individual associates with a healthcare organization, he/she provides his/her Personal Health Information (PHI) and Personally Identifiable Information (PII), per the HIPAA policy.
PHI and the risk associated with it
Protected Health Information is high-quality information related to health status or health care payment. In other words, PHI includes medical payment history or records of a patient. What happens when such information gets leaked? PHI is more valuable than credit-card details or regular identification details in a black market. In this way, cybercriminals aim to target such a database in a healthcare department for personal gains.
The PHI includes:
- Name of a patient
- Date of birth, discharge date, date of death, and administration date
- Fax and contact numbers
- Email and home addresses (including district names and postal codes)
- Medical records, health plans, certificate, social security information, and account numbers
- Vehicle, biometric, voice, and fingerprints
- Photographs and the full face ID
Some shocking numbers of data breaches in healthcare
Protenus, along with databreaches.net, identified more than 572 healthcare data breaches of 500 or more records in 2019, up 48.6% compared to 2018. The year’s most massive data breach affected a HIPAA-covered entity business associate, a debt recovery agency. That single breach saw the records of more than 20 million patients leaked over several months. Hackers hacked their systems in September 2018 and continued to access those systems until March 2019.
Data breaches in 2020 are significant eye-openers:
- HEALTH SHARE OF OREGON: 654,000 PATIENTS
Oregon’s largest Medicaid coordinated care organization notified 654,000 patients due to device theft (Laptop) from its vendor GridWorks. The stolen device had patient names, contact details, dates of birth, and Medicaid ID numbers.
- FLORIDA ORTHOPAEDIC INSTITUTE: 640,000 PATIENTS
A ransomware attack on the Florida Orthopaedic Institute (FOI) breached the data of about 640,000 patients, as reported to Health and Human Services in July 2020.
Keeping a check on insider threats: RemoteDesk and Healthcare Industry
A malicious insider is a current or former employee, contractor, or a third-party vendor, who has authorized access to an organization’s network. Their main aim is to target such systems to tarnish an organization’s reputation or indulge in financial fraud.
How RemoteDesk manages data breaches in a remote work scenario
Remotedesk’s real-time monitoring of remote workforce helps leverage data protection and security of PII at all costs. Its facial and desktop recognition feature allows finding loopholes such as suspicious activity, imposter violation, or desktop screen capture. As a result, healthcare industries rest assured with their data’s safety in a remote working environment.
Healthcare companies found their way!
Once RemoteDesk got implemented, healthcare companies quickly identified agents breaching compliance policies. After the first two weeks, the administration notified all remote workers of proper clean desk protocol, which resulted in a drop in the number of data breaches from 4.7 incidents/day to .23 incidents/day.