IT Vendors May Be Setting Themselves Up for Data Breaches

By Slack Davis Sanger | May 12, 2015

Healthcare industry data breaches are an all too common thing nowadays. With half of major data breaches occurring in the healthcare industry by third parties, you can never be too careful.

Unfortunately, IT vendors who serve this industry share some of the blame by not practicing preventative measures. Below are some problems these IT vendors have when it comes to data security in the health and medical field, and how they can improve their security measures:

The Problem: Failure to Assess Risk
Over a quarter of IT organizations do not perform risk assessments regularly, even though it is a HIPAA requirement. This increases the chances of data being stolen, with consequences being millions of dollars in lawsuits, fines, and restitutions.

How to Fix: Even though risk assessment can be grueling work, it beats having to deal with the consequences of a data breach. A policy that consists of periodic evaluations of data inventories/critical assets, re-evaluations of risk, and administrative, physical, and technical safeguards should be the norm, as is the most effective way to prevent data breaches.

The Problem: Lack of Awareness
The recent Anthem breach has been traced as far back as April of last year. Many data breaches are performed so covertly that companies don’t detect them until months later.

How to Fix: Conduct regular system activity reviews, and keep logs protected.

The Problem: Failure to Keep Up-To-Date Patches and Firmware
Security patches should be applied as soon as they are released, yet they often aren’t. While not all patches are perfect, fines can reach up to $150,000 if you wait for the next update instead of using the current one.

How to Fix: Make sure you are documenting the patches you perform, so you don’t skip out on one.

The Problem: Improper Training
Although general security awareness is required by HIPAA, secure development practices are not. People need to be aware of the vulnerabilities they create when building new applications.

How to fix: Educate yourself on security issues surrounding web applications and services.

The Problem: Change Management
A lot of breaches happen during changes to technology assets and business procedures, because it is when companies are the most vulnerable. When change is implemented at a bad time, it can open the door for a variety of technological malfunctions, which will give hackers the perfect opportunity to break in.

How to fix:
Reduce access to systems that can be changed, and keep detailed information on all assets. A great way to learn about managing change is through the Visible Ops Handbook.

Contact Slack Davis Sanger today if you have concerns about a data breach at your health or medical facility.

Leave a Comment