The healthcare information breach tally continues to rise steadily despite security regulations and associated legal action. The latest data breach to grab the headlines is the Montana Breach, where hackers gained access to a health department server, compromising the information of 1.3 million individuals on a DPHHS (Department of Public Health and Human Services) server. While department officials immediately shut down the server and notified law enforcement, there is no evidence that any information was accessed or used inappropriately. Nevertheless, all affected individuals are being offered free credit monitoring services for one year, as the potentially compromised information of the health department clients includes names, addresses, dates of birth and Social Security numbers.
Patient medical records are a popular target for cybercriminals, and although healthcare IT is evolving, there are often security loopholes that are not found until a major compromise takes place. Integrating cyber security into everyday business operations is vital to lessen the chances of a major data breach. Most often, with no system in place to monitor the internal network in real time, attackers get many opportunities to compromise and exploit the network at their leisure. Often, when mission-driven hackers initiate an attack, they leverage legitimate existing network resources, like user credentials, for the next phases of the attack. And though there is no evidence or reports of identity theft or personal information compromise in this case, breach prevention is a very crucial goal for every healthcare entity.
Lack of continuous security monitoring makes it difficult to detect an attack, says Dan Berger, CEO of Redspin, and incidents such as the Montana Breach, where hackers gained access to a health department server, reiterate this fact. Although DPHHS has taken several steps to further strengthen security, including safely restoring all affected systems and adding additional security software to better protect sensitive information on existing servers, it may unfortunately not be enough! Every healthcare entity requires a comprehensive, documented, verifiable, and effective information security program to ward off security incidents. Security policies per se, though essential, do not suffice! The right technologies to automate security procedures, combined with training, make policies realizable.
Adopting a comprehensive security and compliance solution like Aegify SecureGRC that provides complete security to the data in an organization helps make continuous security, risk, and compliance management much simpler. Try out the community edition before using the standard, professional and ultimate editions of Aegify to get a feel of what Aegify offers.