Cyber threats and cyber security are getting full attention across the world, with many governments setting up aggressive cyber security mechanisms. Enterprises, irrespective of industry type and size of business, are prone to cyber-attacks and the consequent data breaches, with the healthcare industry being the most affected. HIPAA breaches are becoming rampant, with a reported 67% increase in healthcare-related data breaches, resulting in losses of $1 trillion for businesses; 30-60 million identities get stolen every month; 100% CAGR YOY. The average cost of a breach is $5.5 million!
The Health Insurance Portability and Accountability Act demands that healthcare providers report data breaches in cases that affect more than 500 people. In case of a HIPAA violation, enterprises, their business associates and covered entities face a penalty of $50,000, reaching up to $1,500,000. Over 40% of cyber security breaches in 2014 have been across healthcare providers and their business associates. Such rampant breaches across this sector lead to the loss of millions of digital healthcare records and patients' personal information. They therefore call for aggressive countermeasures, given that PHI is becoming more valuable than credit cards in the cyber-fraud scenario.
As per the requirements of HIPAA compliance, all patient health information and critical assets have to be secure. But the records compiled in 2014 point to a disturbing trend of increasing data breaches: nearly 41 million from 29.3 million, an increase of 41% over 2013. Moreover, the records show that the complaints received by the Office for Civil Rights include nearly 5,447 unresolved cases and around 53,000 closed. The reasons given are lack of jurisdiction or complaints being withdrawn, not that there was no HIPAA violation. Further, analysis of the HHS data also brings to light that a large portion of the security breaches (over 52%) have been through theft, nearly 10% due to unauthorized access following the loss of devices, and over 9% due to hacking incidents.
Source: Compilation by Erin McCann, Managing Editor at Healthcare IT News, using data from the Department of Health and Human Services, which includes HIPAA breaches involving more than 500 individuals, reported by 1,149 covered entities and business associates
Businesses across the healthcare industry and its verticals therefore need to scan their PHI assets and conduct security analysis, besides ensuring meaningful use of the EHR. Understanding the criticality of the situation, enterprises have deployed a number of new-age techniques to protect their electronic data from breaches.
However, Aegify has been developed as a comprehensive security, risk and compliance management solution that not only addresses all HIPAA compliance needs but also provides covered entities with meaningful use attestation reports with proof of security and risk analysis. Further, Aegify automates HIPAA management through a continuous workflow assessment cycle and provides instant remediation measures to correct security deficiencies. It is a solution trusted by 70+ MSPs with thousands of customers. Aegify protects your assets, detects vulnerabilities proactively, and responds with appropriate remedial measures. Aegify is the only solution that unifies a comprehensive Security, Risk, and Compliance Assurance system.