From Mission Impossible to Magnum PI, spy movies and TV shows are known for all types of thrilling espionage, surveillance, and security. Real life may not have Tom Cruise’s blockbusting stunts or miracle-gadgets, but it does have its share of tech-savvy bad guys. In Hollywood, the villains are always after top-secret information, like a list of undercover agents or launch codes for superweapons. Real-life bad guys are after very different but very real top-secret data — confidential patient information. Unlike the movies, healthcare data won’t self-destruct in the bad guys’ hands. Cybersecurity is no laughing matter and needs to be taken very seriously. It’s imperative that vendors working with health systems take action to protect against cybercriminals. Vendors must eliminate the danger posed by insufficient protection of private patient information and ensure health system data is kept secure.
The healthcare industry deals with massive volumes of sensitive information that it is required to protect, both for the sake of its own business and by law. Health systems have access to patients’ contact information, social security numbers, credit card and banking data, as well as private health records. This makes hospitals and clinics some of the biggest targets for cybercriminals who will use that information to steal funds, commit identity theft, or sell it on the black market. The stakes are very real and very high. Compromised health information poses significant risk to the personal and financial safety of individuals. Beyond jeopardizing the privacy and security of patients, data breaches are also incredibly expensive for health systems. The average data breach costs a health system approximately $7.31 million. Additionally, HIPAA privacy and security regulations enforce strict fines and penalties for failing to adequately guard patient information. Unfortunately, incidents of cybercrime and data breaches are only increasing. In 2022, data breaches in the healthcare industry impacted 48.6 million people — that’s 8.6 million more than in 2021 and 14.6 million more than in 2020.
90% of all data breaches in healthcare are connected to third-party vendors engaged by health systems. This statistic demonstrates why all vendors serving the healthcare industry must equip their infrastructure to secure confidential information. The main risk factors that vendors face include:
- Using outdated systems
- Email scams targeting employees
- Unsecure networks
- Inadequate security training
- Weak passwords
Above all else, the greatest threat to cybersecurity comes from human error on the part of employees. Vendors must avoid these security pitfalls by conducting their own risk assessments and implementing strict cybersecurity measures. A required compliance plan, a code of conduct, and employee security training are extremely effective. Vendors should enforce mandatory trainings to educate their workforce, restrict and control protected health information, encrypt data, ensure mobile devices are secure, mitigate connected device risks, and back up data at secure off-site facilities.
To protect against increasing cyberthreats, Parlance follows industry best practices. Parlance:
- Treats all customer data as confidential
- Encrypts data communications for all connections
- Maintains the latest patches and hotfixes for our servers
- Limits data access to defined roles
- Enforces security training (All employees are required to complete monthly, in-depth cybersecurity education to keep our workforce vigilant against threats of cybercrime and phishing scams.)
Parlance has been partnering with health systems and safeguarding their confidential data for over 25 years. We understand the importance of ensuring the security of the health systems we work with and the privacy of the patients who rely on them. Real life is not a spy movie — so Parlance takes cybersecurity measures seriously.
By Scott Gomes