The 3 Most Common Healthcare Data Breaches
In an increasingly online world, data security is a real concern for all businesses, even small ones. We’ve already talked about the basics of data protection for your senior care business. Now it’s time to look at the top 3 data-security risks to senior care providers and learn how to protect your business and your clients.
In its annual report on data breaches around the world, Verizon found that last year, more than half of the security incidents reported by the healthcare industry led to the loss of information such as patient records and credit card information. Within healthcare, the most commonly targeted businesses were hospitals, followed by ambulatory health care services (including home health care services, physicians’ offices, physical and other therapists’ practices, and outpatient care centers), nursing and residential care facilities, and social assistance programs (including those for seniors).
Over the years, data-breach detectives have found 9 consistent types of security threats, with each industry falling prey to a few in particular. In healthcare, the top 3 data threats in 2014 were “miscellaneous errors,” insider misuse, and lost and stolen assets such as computers and mobile devices with protected data on them. Let’s take a closer look at each of those 3 data issues.
Human error was the leading cause of healthcare data loss
The old saying “We have met the enemy and he is us” applies all too often when it comes to healthcare data breaches. The most common mistakes made by well-intentioned senior care and other healthcare employees were:
- mistakenly sending private information to the wrong person;
- accidentally posting private information publicly online; and
- failing to properly dispose of protected data.
To reduce the risk of costly mistakes, owners and managers should:
- Remind employees not to rely on autofill tools in email programs and to check recipients before hitting “send.”
- Regularly check your website to ensure that only public information is posted there.
- Dispose of paper documents by shredding and old hard drives by erasing and then destroying them.
Insider privilege abuse was the 2nd largest cause of data theft
Fixing innocent mistakes is one thing; spotting employee malfeasance is much more challenging. The Small Business Administration offers tips for small business owners and managers to reduce the risk of employee theft, including data theft:
- Conduct thorough background and reference checks on prospective hires.
- Watch for behavioral red flags among employees, such as never taking vacation, complaining about large debts, and an adversarial attitude toward managers and co-workers.
- Spell out company data protection policies clearly.
- Restrict employees’ network access to just the areas they need to use.
Experts recommend that no single employee should ever have complete access to your company’s entire network, records, or financial information.
Lost and stolen assets ranked 3rd
Surprisingly, many thefts of data happened in employees’ own work spaces. Many other thefts happened when mobile devices and laptops were stolen from employees’ cars. The authors of Verizon’s report recommend that business owners keep track of all company-owned devices and reward employees for reporting lost or stolen equipment promptly.
Other steps to take with company-owned equipment, and to recommend for employee-owned equipment (like a personal smartphone a CNA uses to check her schedule and client roster), are password protection, a device-tracking service, and the ability to remotely lock a stolen device or erase its data. Inexpensive apps and file-backup services often include device lock and wipe options.
No business is ever completely immune to human error, physical theft, and rogue employees, but by taking these steps now you can reduce your company’s and your clients’ chances of becoming data-theft victims.