While ransomware can be scary and hacking can affect a lot of individuals at one time, the largest number of HIPAA breaches in 2017 occurred because of unintended disclosures, not intentional ones.

A recent report called Beazley Breach Insights was created specifically for health care. Beazley is an insurance and underwriting company. In this report, Beazley provided information about the major causes of HIPAA breaches reported by its insureds.

The largest cause of HIPAA breaches was unintended disclosure at 41 percent, followed by hacking and malware at 19 percent, and insider threats at 15 percent. An unintended disclosure might include an email or fax that was sent to the wrong recipient, patient information given to the wrong patient, or a server containing patient information being accessible on the internet.

These types of HIPAA breaches are much more easily prevented than intentional ones, like hacking or a malware attack. Taking a second to double-check that the recipient is correct for an email or fax can just about eliminate this issue. The same can be said for double-checking the information that is being provided to a patient, whether that’s at discharge or during a request for information. Plus, organizations can double-check settings for servers and purchase penetration testing to verify that information is not accessible to the outside world. Double-checking everything should be standard practice at health care organizations.

The second largest cause, hacking and malware, is more difficult to protect against, but not impossible. At a minimum, purchasing vulnerability scans to determine what vulnerabilities might be exploited is a great way to help protect your organization. Additionally, training employees to watch out for social engineering is a must.

Finally, health care organizations can reduce insider threats by educating employees on what authorized access means and by creating a work atmosphere that promotes open discussion of possible threats, which is more easily accomplished when honest mistakes are handled with compassion.

