You may remember hearing about a major data breach at Anthem in 2015, where the protected health information (PHI) of nearly 79 million patients was stolen in a cyberattack on the payor’s systems.
Well, the results are in for how much Anthem will be shelling out for its mistake: $16 million to the Office for Civil Rights, a record-breaking figure, according to JD Supra.
But even if your hospital doesn’t have the same risks or resources as a nationwide payor, there are still lessons you can take away from Anthem’s costly mistake.
$16M data breach
Preventing data breaches should be top priority for hospitals and health systems.
Although a data breach at your hospital likely wouldn’t be on the same scale as Anthem’s blunder, you’ll still want to pay attention to where the payor went wrong.
There are four key areas Anthem overlooked during its cybersecurity process, so your hospital will want to regularly double-check those areas to ensure patient data doesn’t become compromised in a breach.
First, your IT department should conduct a hospitalwide risk analysis, looking for any loose ends that could leave systems exposed.
If your hospital doesn’t have a comprehensive IT department, or if you just want to make sure an analysis is as thorough as possible, you can outsource the risk analysis to a reputable third party – but be sure to vet any company you let access your security information.
Next, create procedures to regularly review IT activity. Familiarize yourself with what normal usage looks like at your hospital, so you’ll catch anything unusual that could signal a data breach.
As long as resources are available, consider devoting an entire team to tracking and analyzing system usage at your facility. That way, there’s no confusion over whose job it is to catch a breach.
Limited control
Implement controls that determine who is able to access PHI and make changes to your systems. Require passwords for any of these changes so you’ll know exactly who logged in and when.
You’ll also want to host regular employee trainings on what scams and other hacking attempts look like. Example: Hold a hospitalwide phishing simulation, so workers can get an idea of how scammers may try to trick them.
If an incident does occur, respond in a timely manner. Working quickly to mitigate the damage and notify patients of a breach is essential to making sure the leak is plugged and patients continue to trust your hospital.