Healthcare facilities all over the country have been hit with security breaches – over 61% in 2013 reported breaches of one sort or another.
It is estimated that millions of patients have been impacted and the cost for hospitals has skyrocketed to $1.6 billion each year. Some of the most well-funded and advanced healthcare organizations in the U.S. have been victims of huge data losses.
Oklahoma has not been immune to the problem, with at least ten national headline making breaches occurring in the last decade. In addition to the loss of data and the cost incurred, security breaches cause a severe loss of reputation that 's hard to overcome.
The situation is as scary as it sounds. However, it does not have to be. There are steps Oklahoma hospitals can take in risk management and cyber-security that can reduce or eliminate security breaches.
Strategies for Prevention
Hospitals have added security due to HIPAA requirements. Whatever policies are put in place for risk management need to keep those requirements in mind. The first strategy is what action to take if there is a breach.
There should be a clear crisis management plan in place. The community needs to be told quickly about breaches and what steps the hospital is taking to prevent further damage or loss of data.
That helps ease public concern, protects your hospital’s reputation, and prevents the breach from becoming more serious. That strategy is for after the fact.
Here are some measures to take before a breach:
- Test Your Security Systems – Establishing security protocols and then forgetting about them is a recipe for disaster. Testing will find weaknesses, allow for modifications to new threats, and show you exactly what steps need to be taken to prevent a security breach. Hiring outside security specialists to covertly test your security gives the best results.
- Be Concerned About Mobile Devices – Mobile devices are being used more widely and in new ways in hospitals. This puts an additional strain on security resources. Older networks may not be set up to manage these new endpoints. A strategy for mobile use needs to be part of any security protocol.
- Manage and Routinely Check System Logs – Reporting procedures need to be a part of your security routine – for added security and to meet federal auditing requirements. Analyzing logs can expose potential security lapses and breaks. Again, if you are unsure of the type of reporting you need, calling a consultant to set the system up for you makes good sense.
- Update Technology – Budget constraints play a part in this, but hospitals are often years behind in adopting new technology and software to combat breaches. It was an issue that could be ignored before. Now, with attacks on the rise, it is more costly not to update and upgrade.
- Educate Your Employees – The largest number of hacks and breaches are the result of careless or unknowing actions taken by employees. Regularly train and educate employees on how to protect passwords and data, and how to avoid phishing techniques. HIPAA regulations about what constitutes an information breach need to be made clear to employees. While convenient and efficient, electronic records make information disclosure too easy.
Oklahoma Hospitals Need to Be Vigilant
Hospitals are becoming more aware of steps they need to take to prevent security breaches since attacks on healthcare systems have risen 100% in the last four years.
However, despite the numbers coming down, even one preventable security breach is too many, and can have devastating results. Oklahoma hospitals need to do all they can to prevent security breaches, including calling in consultants when they lack the resources or knowledge to do so themselves.
What are the best methods for preventing security breaches in Oklahoma hospitals? Let us know your thoughts in the Comments box below.
If you own or manage an Oklahoma-based home health care agency, and you’re looking to become more efficient through the use of technology, download our free guide, Information Technology Guide for Oklahoma City Home Health Care Organizations.