NetSentries helps health care organizations protect electronic protected health information (ePHI) and meet the complexities of HIPAA.
The health care industry includes hospitals, retail urgent care facilities, nursing homes, pharmacies, health insurance companies and more. In the United States, some 10,000 establishments currently make up the Urgent Care industry, mostly in suburban locations scattered across the country. Hospitals, on the other hand, comprise about 1 percent of all health care entities, but employ roughly 35 percent of all workers.
More and more, each of these organizations deals with sensitive electronic Protected Health Information (ePHI), which can range from names and Social Security numbers to fingerprints and patients’ conditions to diagnoses. The Health Insurance Portability and Accountability Act (HIPAA) requires that “covered entities” and their business associates safeguard ePHI or risk paying heavy fines, notifying their customers of breaches and damaging their reputations. Additionally, healthcare organizations that accept credit cards for direct pay patients or co-pays are also subject to the compliance requirements for the Payment Card Industry (PCI).
This combination of ePHI and financial data is becoming more valuable by the day. Studies have found that organized crime is increasingly targeting healthcare entities because health records are worth more and are easier to get. In fact, more than half of the breaches that occurred in 2014 involved healthcare activities or their business associates.
According to the HIPAA Journal, hacking caused 83% of breached healthcare records in January 2018. The last few years have seen hacking and IT security incidents steadily rise, and many healthcare organizations have struggled to defend their network perimeter and keep cybercriminals at bay.
Cybercriminals are on the lookout for a loophole to access Social Security numbers, patient records, financial information and intellectual property – and they’re not letting traditional security defences stop them.
Organizations have been slow to identify the breaches, with the average time to detect almost 85 days. In addition, business associates — those third-party contractors that serve health care organizations — were responsible 58 percent of the time.
Here are some of the factors and drivers that place health care organizations at growing risk:
Reactive Versus Proactive
Some health care organizations are behind the curve when it comes to preparing for security threats. Part of that is attributable to failing to maintain an adequate and updated risk assessment, something that is required by HIPAA. Should a health care organization experience a breach, regulators will penalize entities for failing to recognize the warning signs.
Medical data has soared in value on the black market as other sought-after information, such as credit card numbers, has become commoditized. Cybercriminals recognize the value of patient data, such as stolen health insurance numbers, to acquire medications and services.
Doctors, nurses and administrators increasingly are using devices such as smartphones and tablets to access, receive, transmit and store patient information. This results in efficiency wins and improved patient care, yet these devices often lack basic security, such as access controls and encryption, making them vulnerable to malfeasance and data loss.
Health Information Exchanges
HIEs and electronic health records (EHRs) enable health care information to be shared across disparate systems and multiple providers, something that was nearly impossible to do in the past. But with government incentives to invest and advances in technology come new risks and challenges, including not only data protection but also determining who owns the data and what access patients have.
NetSentries offers a comprehensive and flexible portfolio for health care organizations wishing to protect their infrastructure, networks, data and users against today's advanced threats, while ensuring compliance with regulations and requirements such as HIPAA/HITECH and PCI DSS.
Managed Detection & Response
Risk Assessment Services [Urgent Care Solutions Bundle]
Two Factor Authentication
Secure Web Gateway
Web Application Firewall
Security Awareness Education
Incident Readiness and Response
24/7 Detection & Response
Risk Controls and Compliance
Fight Health Care Fraud