Every month, we compile the most compelling healthcare privacy and security related news stories. Below, you’ll learn more about massive GDPR compliance fines for Haga Hospital in the Netherlands, a mid-year update on healthcare data breaches, lack of digital health readiness among healthcare providers, and more.
Haga Hospital in the Hague, the Netherlands was fined €460,000 ($516,000) under the General Data Protection Regulation (GDPR) after a data breach where dozens of employees snooped into the records of a celebrity patient. According to Dutch News, the incident involved the records of reality TV star Samantha de Jong – also known as “Barbie” – who was hospitalized last year.
An investigation by the Dutch Data Protection Agency found that Haga Hospital “does not have the internal security of patient records in order” and that it “has not met and does not meet the requirement of two-factor authentication and regular review of log files.”
In addition to levying the massive GDPR compliance fine, the agency states that it plans to issue additional fines if the medical center does not improve its security practices.
Cybersecurity is a top concern in healthcare organizations – when a data breach occurs, it costs $408 per patient record on top of damages to business, productivity, and reputation. In 2018 alone, the Office for Civil Rights (OCR) collected $28 million in HIPAA violation fines.
“I’ve seen estimates of over $5 billion in costs to the healthcare industry annually. That’s enormous and is not going away.” – Lisa Rivera, Partner at Bass, Berry and Sims
How can hospitals avoid the risk of a data breach? By performing a risk assessments, ensuring that software is upgraded, and adopting a patient privacy monitoring solution, medical centers of all sizes can prevent cybersecurity incidents, thereby protecting patient information and reinforcing trust.
With half of 2019 already behind us, Healthcare Info Security has compiled a mid-year update of the security incidents that have affected the healthcare industry in the past six months. Hacking caused the most breaches, while lost and stolen devices have become a rare occurrence.
The HIPAA Reporting Tool by the U.S. Department of Health and Human Services (HHS) keeps a list of breaches from the past year that are currently under investigation – and it reveals that the top 10 largest data breaches involve “hacker/IT” cyberattacks such as misconfigured computer settings that leave PHI exposed on the internet.
What were the largest breaches of 2019 and what were their causes? Read the mid-year update to discover more.
Healthcare providers understand how vital it is to keep up at the speed of technological innovation – but many admit that they’re unprepared to deliver the type of secure digital and mobile health offerings that consumers expect. And when health systems fail to keep their technology up to date, patients, physicians, and staff are at risk of moving on to more competitive organizations.
Of the 220 healthcare IT decision makers surveyed in a HIMSS Media report on providers’ digital health readiness, only 11% consider themselves early adopters – while two-thirds rate themselves as being behind the curve. The earliest adopters enjoyed clear advantages, such as:
- Reduced care costs (among 87% of early adopters)
- Enhanced workflow efficiencies (83%)
- Greater patient satisfaction (82%)
- Improved patient outcomes (78%)
What are the strongest barriers against improving digital readiness for healthcare and how can organizations remedy this? Read the full article to find out more.
A study of data breaches from 2009 to 2016 involving 500 patients or more within the OCR found that paper and film records were the most frequent sources for data breaches – while network servers were the least frequently compromised.
The study published by the American Journal of Managed Care analyzed facilities based on region, type, biometric security use, level of healthcare IT sophistication, and ownership. Of these medical centers, hospitals accounted for one-third of all data breaches – and affected the largest volume of patients.
“Hospitals should conduct routine audits to allow them to see their vulnerabilities before a breach occurs. Additionally, information security systems should be implemented concurrently with health information technologies.” – American Journal of Managed Care
Industries in general have rapidly adopted the cloud in recent years – and healthcare organizations are following suit. A decade ago, with cloud technology in its infancy, IT and security professionals would have scoffed at the idea of keeping sensitive patient data on the cloud.
“Most industries, including healthcare, were still trying to wrap their arms around what the cloud entailed and potential risks associated with moving toward the technology. Lack of visibility, standards and transparency were of primary concern, as were issues of privacy, security and overall compliance.” – Anahi Santiago, CISO at Christiana Care Health System
But cloud computing in healthcare has myriad benefits, which privacy and security professionals have embraced in recent years. More and more healthcare organizations have adopted the cloud with the understanding that it cuts costs while providing a secure environment for PHI with a singular access point. In fact, adopting cloud technology enables medical centers to adapt to changes in technology while safeguarding patient data. Expect to see cloud adoption grow in healthcare organizations across the globe as technology and security continue to improve.