Health Care institutions are increasingly becoming targets for cyber criminals interested in stealing Protected Health Information (PHI). According to the Ponemon Institute Report (1), 94% of health care institutions have been through a cyber-attack. With the government push for Electronic Health Records, PHI has become a more attractive and easier to access target. PHI records sell on the black market for between $20 to $500 per record, according to a white paper by Absolute Software (2). Most of this information is then used to perpetrate fraud schemes on reimbursement programs to the tune of millions of dollars lost. A 2014 report from The SANS Institute (3) indicated that 50,000 security events happened to health providers of all types and all sizes between September 2012 and October 2013, and many remained unaware that they had been hacked until SANS uncovered irrefutable evidence of cyber incursions.
Data breaches for health care organizations have been very costly, not only in terms of data loss and reputation impact, but in terms of fines/penalties from the FTC, lawsuits and reduction in business (2).
A few examples:
This type of financial impact can put a health care provider into the red for years, or even completely out of business.
CSI can help you keep your data protected and help you stay in compliance through a Security Risk Assessment of your processes, systems and devices.
CSI can help you pinpoint your areas of vulnerability and help you develop a plan that keeps your data and your organization safe and secure.