As cybersecurity incidents become more commonplace, the cost to healthcare systems is soaring. According to a new study by Black Book Market Research, the cost of data breaches in the healthcare industry will reach $4 billion by the end of 2019. And the true price of a data breach can’t simply be measured in dollar amounts. A study at Vanderbilt University has revealed that healthcare breaches cost 2,100 patient lives every year.
The good news is that it’s possible to prevent such devastating consequences. By proactively monitoring EHRs for patient privacy and strengthening healthcare cybersecurity measures, your organization is better equipped to prevent and quickly remediate data breaches. But how does that work? Here are three ways patient privacy monitoring impacts patient lives and reduces the cost of data breaches in healthcare.
- Prevent and mitigate privacy breaches
According to the Vanderbilt University study, patient death count soared in the months and years following a data breach. But why does this happen? Dr. Sung Choi, researcher at Vanderbilt University, says that regulatory inquiries, remediation efforts, and litigation as a result of breaches in health systems can cause interruptions in patient care. By monitoring for patient privacy, healthcare organizations are able to detect high-volume access and other indicators that can prevent breaches from happening – or help an organization contain them more efficiently.
In 2013, Sentara Healthcare experienced a breach involving two staff members, leading the organization to realize they needed proactive monitoring to mitigate future incidents. They acted quickly to partner with a patient privacy monitoring platform, providing them with increased visibility into user activity with advanced analytics. And when a new incident occurred involving VIP patients, Sentara Healthcare was able to detect the breach immediately, investigate to identify those responsible, and resolve the incident swiftly.
In an industry where it takes 350 days on average to detect a data breach, having the tools available to resolve privacy and security violations in a timely manner can save organizations time on remediation efforts and keep the focus on the most important aspect of any healthcare system – providing outstanding patient care.
- Contain insider threats
Whether from a careless worker or a malicious insider, insider threats are one of the most significant risks to the healthcare industry. In fact, the 2019 Verizon Insider Threat Report revealed that 46% of healthcare organizations were affected by insider threats – the only industry where insiders were responsible for a higher number of breaches than external sources. And although insider threats are a significant risk for healthcare entities, they’re a concern that organizations can approach proactively with patient privacy monitoring.
With a proactive monitoring program in place, privacy officers can see which user is accessing which record and for what reason. If a user typically accesses 20 records per day, but suddenly accesses 100 or 1,000 instead, it’s possible that data is being exported for the purposes of identity theft and other criminal activity. Monitoring user activity provides visibility to detect occurrences like these so that appropriate action can be taken quickly. Re-training negligent workers, restricting access for a departing employee, or terminating bad actors can stop an insider-led cyberattack in its tracks.
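The volume check described above can be sketched as a per-user baseline over EHR audit logs. This is an added example, not code from any monitoring product mentioned on this page; the log format (`user,date,patient_id`), the sample data, and the `min_history` and `threshold` values are all assumptions chosen for illustration.

```python
# Added example: per-user daily record-access baseline for EHR audit logs.
import csv, io
from collections import defaultdict
from statistics import median

def build_sample_log():
    """Constructed audit log lines: user,date,patient_id (not real data)."""
    rows = []
    for day in range(1, 11):                       # 10 ordinary days
        for n in range(20 + day % 3):              # nurse_a: 20-22 records/day
            rows.append(f"nurse_a,2019-06-{day:02d},P{day * 100 + n}")
        for n in range(45):                        # clerk_b: steady 45/day
            rows.append(f"clerk_b,2019-06-{day:02d},P{9000 + day * 50 + n}")
    for n in range(1000):                          # day 11: nurse_a bulk access
        rows.append(f"nurse_a,2019-06-11,P{50000 + n}")
    for n in range(47):                            # day 11: clerk_b near normal
        rows.append(f"clerk_b,2019-06-11,P{60000 + n}")
    return "\n".join(rows)

def daily_counts(log_text):
    """Distinct patient records touched per (user, day)."""
    seen = defaultdict(set)
    for user, day, patient in csv.reader(io.StringIO(log_text)):
        seen[(user, day)].add(patient)
    counts = defaultdict(dict)
    for (user, day), patients in seen.items():
        counts[user][day] = len(patients)
    return counts

def flag_spikes(counts, min_history=5, threshold=6.0):
    """Flag days whose count is far above the user's own prior median.
    Median/MAD is used so one earlier spike does not inflate the baseline."""
    alerts = []
    for user, per_day in counts.items():
        days = sorted(per_day)                     # ISO dates sort correctly
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < min_history:
                continue                           # not enough baseline yet
            base = median(history)
            mad = median(abs(h - base) for h in history) or 1.0
            score = (per_day[day] - base) / mad    # robust deviation score
            if score > threshold:
                alerts.append((user, day, per_day[day], base))
    return alerts

if __name__ == "__main__":
    for user, day, count, base in flag_spikes(daily_counts(build_sample_log())):
        print(f"{user} {day}: {count} records vs baseline {base}")
```

Each user is compared against their own history, so a role that routinely touches many records does not alert while a low-volume user jumping to 1,000 does.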
- Strengthen patient trust
Proactively monitoring user activity to prevent and contain insider threats and data breaches facilitates patient trust because it proves that an organization is doing its due diligence to protect the confidentiality of the information it stores. And that directly correlates to quality of life for a patient – if they can’t trust their provider to keep their information private, they may avoid seeing their doctor, leading to significant health risks.
“If people don’t believe their data is private, they end up doing different things,” said Ed Holmes, CEO of FairWarning. “They don’t tell their doctor everything that might be wrong with them out of risk of it becoming known, they might travel to a place that’s further away because they don’t want to be in their local hospital system. The action that patients end up taking if they don’t believe their data is purely private is bad for the patient.” He concluded that patient privacy monitoring protects patient information not only to catch bad actors, but also to preserve the quality of care that patients receive.
To alleviate potential concerns with the healthcare system, it’s integral that people trust their medical care team. If healthcare professionals can’t maintain trust, the people they serve are not going to participate in healthcare in a productive way, which is a detriment to patient health and interactions with providers. But by monitoring EHR user activity to protect patient privacy, data breaches and other risks to patient health can be both prevented and contained quickly in situations where they’re unavoidable, leading to improved quality of life for patients.