Is your email killing your security?
Email is now the top source of healthcare breaches. Nearly 200 million people in the U.S. have had their health information exposed in data breaches since 2010, according to federal data, and most of that exposure came from breaches that originated, in one way or another, in email.
In some cases, information included in emails or attachments was exposed or sent unsecured. In other cases, phishing scams were used to trick a healthcare worker into unwittingly opening the door to their network, causing the vast majority of the breaches we all hear about. Typically, the breached data includes one or more of the following types of protected health information: patient name, address, date of birth, patient's balance and balance type, visit type, claim amount and status code, medications, and guarantor's name. Some Social Security numbers may also be exposed if data masking was not enforced, as well as credit card information.
Affected individuals are often offered a complimentary 12-month membership to credit monitoring and identity theft recovery services through companies like MyIDCare, which includes a $1,000,000 identity theft insurance policy.
Is this the only solution? Where do you start to secure your organization?
Email errors that result in impermissible disclosure of PHI, or in data breaches, are caused by employees.
Training your workforce on best practices for protecting patient data is the solution.
These are our recommendations:
- Train Your Staff in Cybersecurity Awareness
- Ensure Password Security
- Implement Email Security Solutions
- Use an Antivirus Solution
- Develop a Cybersecurity Action Plan
- Establish fake phishing campaigns to test your workforce
- Create an email security policy
- Be clear about the dangers
- Monitor user behavior and performance
- Review access logs for your network and your data systems
Acentec has helped organizations protect and secure data for over 15 years using adaptive technology, email encryption, and secure solutions.
If you have any questions about email security best practices, or if you are concerned about your organization's cybersecurity, give us a call at (800) 970-0402. We'll be happy to help.
For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.
The HIPAA Security Rule requires an organization to implement a security awareness and training program for all members of its workforce (including management). Have your team sign up for the weekly HIPAA Security Reminder to help stay compliant.