The healthcare industry led the way in suffering security breaches in 2016, but some of the most common ways hackers can steal your clients’ data are easy to prevent – if you know what to do. If you own or manage a senior living community or in-home care service, here’s what you need to know to protect your business and your clients.
According to a report in Healthcare Informatics, data breaches within the industry rose by 40% from 2015 to 2016. In 2016, the report said, the healthcare industry led in the number of stolen Social Security numbers; phishing, hacking, and skimming attacks; and employee mistakes that led to data loss. Because seniors are the largest group of healthcare consumers in the US, and because “older adults are among the most likely victims of identity theft and abuse,” according to the Center for Identity at UT-Austin, it’s critical that providers of senior care protect their clients–and protect themselves from liability by following proper security practices.
Why healthcare businesses are such a target for data thieves
Healthcare data is big business for organized criminals because it’s detailed. With a person’s name, date of birth, address, Social Security number, and Medicare or Medicaid information, data thieves can make money through “identity theft and cloning the identities of everyday people,” per the Verizon 2017 Data Breach Investigations Report.
These stolen identities can then be used to open credit card accounts and even purchase property—all while putting the victim at financial risk. Breaches also expose healthcare providers to possible fines. In 2016, the six biggest HIPAA settlement fines were all over $2 million.
Smaller doesn’t mean safer from data threats
Those fines were paid by hospital systems, medical schools, and universities, but thieves go after smaller healthcare targets, too. This is true in many industries, including online retail and restaurants, because thieves know that many small businesses go unguarded or don’t invest in the latest tools and training to protect client data.
How healthcare businesses lose clients’ data
How, exactly, did thieves steal healthcare data in 2016? In more than 80% of the cases, according to Verizon, the three largest data-breach causes in the industry were
- insider and privilege misuse, such as stealing records to sell
- physical loss and theft of computers and data-storage equipment like USB drives and paper documents
- employee mistakes, such as failing to shred paper documents with sensitive data or tossing out old computers with intact hard drives
How your senior care business can protect itself
According to Verizon’s report, limiting employees’ access to data and monitoring their use of your computer systems can reduce the risk of snooping and record theft. The report also urges employers to “watch out for large data transfers and use of USB devices” that can be used to physically remove data from your facility. To prevent loss of client data on your computers, encrypt patient data on company devices whenever possible. Discourage or prohibit employees from printing out patient information, because “the majority of confirmed breaches involved the loss of hardcopy documents.” To prevent employee mistakes that expose patient data, make sure everyone in your organization follows proper rules for shredding documents and wiping hard drives on old computers before disposal.
Learn more about senior identity theft, how to prevent it and how to report it on the SeniorAdvisor.com blog.