According to, 15 million patient records were breached in 2018 as hacking and phishing surged. They revealed that the number of breached patient records tripled from 2017, as healthcare data security challenges increased.

These were the major causes of breaches in 2018:

  • Hacking & Phishing: About 11.3 million patient records were compromised by hacking, nearly four times more than the 3.4 million reported in 2017.
  • Insider Wrongdoing & Errors: Insiders were responsible for about 28 percent of breaches last year, breaching 2.8 million patient records in 139 incidents.
  • Business Associates: Third-party vendors or business associates accounted for 151 breaches, or 30 percent of the total incidents in 2018, impacting 5.3 million patient records.

So…What should you do?

Use the industry’s definitive source for preventing healthcare data breaches…

A Layered, Managed & Proactive Approach To IT Security

You need these 4 layers:

1. For your Computers: You need Anti-Virus, Anti-Malware and Zero-Day Protection that is all managed, so you know new updates are being applied daily.

  • Managed Anti-Virus & Anti-Malware: This keeps both known and emerging viruses and malware off your workstations and servers. Because it is managed, it stays up to date with the latest cyber threats. It also protects against new viruses using behavioral scanning and heuristic checks, which detect new, unrecognized viruses and malware and send them to a sandboxed environment away from your core systems. This is essential with all the new virus and malware threats being created each day.
  • Zero-Day Protection: This provides end-to-end cybersecurity protection for your computers, as well as your networks, endpoints, mobile devices, and cloud-based services, when an unknown security vulnerability in software or an application is being exploited and no patch has been released yet to handle it.

2. On your Network: You need a Next Generation Firewall. This detects and blocks complicated cyber attacks by enforcing security measures at the protocol, port and application level.

Next-generation firewalls can be implemented in either software or hardware. The difference between a standard firewall and a next-generation firewall is that the next-gen performs a more in-depth inspection and in smarter ways. It brings added information to the firewall’s decision-making process. It also has the ability to understand the details of web traffic passing through and can take action to block anything that might exploit your network’s vulnerabilities.

3. Email: You need SPAM filtering with link and document scanning. This is a service designed to block SPAM from your users’ inboxes. It sets up an email gateway that stops the bad guys before they reach your inbox, while making sure the good guys (you) aren’t bogged down trying to manage it. Many email messages today are SPAM. SPAM filtering is critical for keeping phishing emails off your computers. However, even the best SPAM filters can’t block 100 percent of SPAM messages. This is another reason why you need #4 below.
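To show what "link and document scanning" at an email gateway actually checks, here is an added example (not code from the original post or from HitsTech). It parses a raw message and flags three common phishing indicators: a Reply-To domain that differs from the From domain, links whose visible text names one site while the href points elsewhere (or to a bare IP address), and attachment types that a gateway would typically quarantine or detonate in a sandbox. The sample messages, the RISKY_EXTENSIONS list and the domain-comparison heuristics are my own constructed, illustrative choices; a production gateway applies far more signals (reputation, SPF/DKIM/DMARC, sandbox results).

```python
"""Gateway-style scan of an inbound email for phishing indicators (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: attachment types a gateway would quarantine or sandbox (illustrative list).
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".hta", ".iso", ".docm", ".xlsm"}
IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(value: str) -> str:
    """Last two labels of the hostname in a URL, bare hostname or email address."""
    if "@" in value and "://" not in value:
        value = value.rsplit("@", 1)[1]
    host = urlparse(value if "://" in value else "http://" + value).hostname or ""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def scan_message(raw: str) -> dict:
    """Return {'verdict': 'deliver'|'quarantine', 'findings': [...]} for a raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []

    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and _domain(reply_to) != from_domain:
        findings.append(f"Reply-To domain {_domain(reply_to)} differs from sender domain {from_domain}")

    for part in msg.walk():
        filename = part.get_filename()
        if filename:  # document scanning: flag risky attachment types by extension
            ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
            if ext in RISKY_EXTENSIONS:
                findings.append(f"risky attachment type: {filename}")
            continue
        if part.get_content_type() == "text/html":  # link scanning on the HTML body
            charset = part.get_content_charset() or "utf-8"
            extractor = _LinkExtractor()
            extractor.feed(part.get_payload(decode=True).decode(charset, "replace"))
            for href, text in extractor.links:
                host = urlparse(href).hostname or ""
                if IP_HOST.match(host):
                    findings.append(f"link to raw IP address: {href}")
                # Visible text that looks like a URL/domain but resolves to a different site
                if "." in text and " " not in text and _domain(text) != _domain(href):
                    findings.append(f"link text {text!r} points to host {host}")

    return {"verdict": "quarantine" if findings else "deliver", "findings": findings}


# Constructed sample: a credential-reset lure with a mismatched link and a macro-enabled attachment.
SAMPLE_PHISH = """\
From: IT Helpdesk <helpdesk@clinic-example.test>
Reply-To: support@clinic-example-verify.test
To: nurse@clinic-example.test
Subject: Password reset required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your password expires today.</p>
<p><a href="http://198.51.100.23/reset">https://portal.clinic-example.test/reset</a></p>
--b1
Content-Type: application/octet-stream; name="policy.docm"
Content-Disposition: attachment; filename="policy.docm"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAA==
--b1--
"""

# Constructed sample: an ordinary internal plain-text message.
SAMPLE_CLEAN = """\
From: Front Desk <frontdesk@clinic-example.test>
To: nurse@clinic-example.test
Subject: Tomorrow's schedule
Content-Type: text/plain; charset="utf-8"

The 8am slot moved to 9am.
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(name, scan_message(raw))
```

The verdict is a gateway decision (deliver or quarantine), which is the point of the layer: the message never reaches the user's inbox if any indicator fires. A real filter would also score rather than hard-block, since legitimate mail occasionally trips one heuristic, which is why the post's fourth layer (user education) still matters.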

4. User Education: Different-sized organizations cope with different problems, but all have employees, who are usually the weakest link in their IT security. Modern phishing and social engineering attacks are a major threat to medical practices today. A single unaware employee is enough for a cybercriminal to exploit through email to gain access to your ePHI, data, finances and more.

Security Awareness Training tackles this problem head-on. You need ongoing training that teaches your employees cybersecurity measures and protocols through a comprehensive curriculum, including simulated hacking and phishing attempts. This helps your employees know what to look for when using your IT systems.

In order to support your cybersecurity, your staff should know…

  • How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
  • How to use your practice management technology without exposing data and other assets to external threats by accident.
  • How to respond when they suspect that an attack is occurring or has occurred.
  • Further vital information that your staff needs to maintain a secure practice.

Cybercriminals are more sophisticated than ever before in today’s technology-based healthcare world. More and more, cybercriminals are finding convincing ways to invade practice networks; they often gain access by targeting unsuspecting employees.

Providing education for employees on threats like phishing, social engineering, and general information security practices is an effective way for healthcare organizations and medical practices to make constructive improvements in their cybersecurity efforts. Much of cybersecurity is dependent on the user, and as such, it’s vital that you properly educate them in safe computing conduct.

In addition …

Ask your IT provider to implement additional solutions to minimize your risk with:

  • Data encryption, so your ePHI and EHRs are secure both in transit and in storage.
  • Multi-factor authentication, where your users must present two or more forms of electronic identification to access data.
  • Routine patching and updating of your software to close any security gaps.
  • Mobile Device Management, to protect your data if mobile devices are lost or stolen.

With this and a layered, managed and proactive approach to IT security, you should have a fighting chance against today’s IT security challenges.

Need More Information?

HitsTech is focused on bringing the right information technology solutions to organizations throughout North Carolina.
We welcome you to read some of our latest blog posts and technology articles.