How to Protect ePHI from Healthcare Data Security Threats

Heather Mueller / January 30, 2017

Did you hear about the time McAfee Labs dubbed 2014 “The Year of Shaken Trust”? Back then, a medical record was ten to twenty times more valuable to hackers than a credit card number because it offered copious amounts of sensitive personal data. It's been two years since that report was issued, which should mean we've come a long way in securing electronic protected health information (ePHI). Instead, the news is filled with one healthcare data security breach after another. In one incident, a Southern California hospital was forced to pay a $17,000 ransom to have its network restored. In another, 3.7 million patient records were accessed. And this list goes on. (And on.) The number of major HIPAA data breaches for which cyber attackers are responsible has increased 300% in just three years. With healthcare data at such high risk, it’s shaping up to be a critical time for HIPAA compliance, web form security, and other healthcare IT measures.

What’s Happening with Healthcare Data Security?

To hackers, ePHI is even better than hitting the jackpot. A single medical record offers a bevy of black market opportunities, from insurance fraud and prescription abuse to identity and credit card theft. And because healthcare organizations often lack the sophisticated backup systems that are common in other industries, they’re prime targets for cybercrime. That’s why the Brookings Institution is predicting that one in thirteen patients will be impacted by provider data breaches by 2019, in part because federal mandates forced so many practices to adopt electronic health records (EHR) before they were ready to adequately invest in IT security. According to the report, it’s not uncommon for facilities to share large datasets because they lack the time and resources to filter out who should have access to what patient information.

How Do HIPAA Data Breaches Happen?

Most healthcare data hacks start with an unsuspecting employee doing something as simple as viewing a patient record or opening an email attachment from a legitimate-looking address. In one experiment, IT security consultants infiltrated a computerized medicine dispensary by dropping off malware-containing USB sticks stamped with the hospital’s logo. In another, the same team filled patient portal form fields with malicious code to be triggered when viewed by a doctor or nurse. Mobile healthcare data is also to blame: A 2016 survey found that eight in ten Google Play diabetes apps lacked privacy policies. Around the same time, more than 80% of surveyed healthcare employees admitted to being fearful of mobile cyberattacks involving malware, blastware, and ransomware.
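The patient-portal experiment above works when a staff-facing page inserts submitted field values into its markup unescaped. The following is an added example, not code from the original post or from any vendor it mentions: a vulnerable renderer beside a hardened one, run over a constructed submission. All function and field names are hypothetical.

```javascript
// Added example: rendering patient-portal form submissions in a staff view.
// Function names, field names and the sample submission are hypothetical.

// Characters that can break out of HTML text or a quoted attribute value.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode a value so the browser treats it as text, never as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// BEFORE: field names and values are concatenated into the page as-is,
// so markup typed into a form field becomes part of the clinician's page.
function renderSubmissionUnsafe(submission) {
  const rows = Object.entries(submission)
    .map(([name, value]) => `<tr><th>${name}</th><td>${value}</td></tr>`)
    .join("");
  return `<table>${rows}</table>`;
}

// AFTER: every untrusted string is encoded at the point of output.
function renderSubmissionSafe(submission) {
  const rows = Object.entries(submission)
    .map(
      ([name, value]) =>
        `<tr><th>${escapeHtml(name)}</th><td>${escapeHtml(value)}</td></tr>`
    )
    .join("");
  return `<table>${rows}</table>`;
}

// Defense in depth for the staff view: even if an encoding step is missed
// somewhere, this policy stops inline scripts and event handlers from running.
function staffViewHeaders() {
  return {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy":
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    "X-Content-Type-Options": "nosniff",
  };
}

// Review helper: does rendered output still contain live script or image tags?
function containsActiveMarkup(html) {
  return /<(script|img)\b/i.test(html);
}

// Constructed sample input: one ordinary field and two carrying markup.
const constructedSubmission = {
  patient_name: "Jane Doe",
  reason_for_visit: '<script>document.title="changed"</script>',
  notes: 'Allergy: penicillin & "sulfa" <img src=x onerror=alert(1)>',
};

console.log("unsafe view has active markup:",
  containsActiveMarkup(renderSubmissionUnsafe(constructedSubmission)));
console.log("safe view has active markup:",
  containsActiveMarkup(renderSubmissionSafe(constructedSubmission)));
```

Encoding at output, rather than trying to filter input, keeps the original submission intact for the record while making it inert in every view that displays it.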

What Can You Do to Secure Your Healthcare Data?

For starters, choose your vendors wisely. Web forms must be HIPAA compliant, privacy policies should be in place, and digital tools in general should meet high security standards. As one well-regarded security expert put it:

“Every healthcare institution must realize that their patients' data is their most valuable data, and serious protection means, at the least, the introduction of the same security measures now protecting other sectors.”

Bottom line: It’s up to each healthcare organization to take steps to ensure its ePHI stays safe. Instead of assuming your vendors have a variety of security measures in place to safeguard medical information, be prepared to ask questions such as these:

  • How are emails and web traffic encrypted?
  • How is “at rest” data protected?
  • What steps are you taking to ensure we remain HIPAA compliant?
  • What security measures, such as SSL and advanced password protections like 2FA, are available for online forms?
  • How is information protected as it flows from one user to another?

With Formstack’s HIPAA-compliant secure forms, healthcare providers can collect data with the confidence it's being protected by layers of extra security.



Did you hear about the time McAfee Labs dubbed 2014 “The Year of Shaken Trust”? Back then, a medical record was ten to twenty times more valuable to hackers than a credit card number because it offered copious amounts of sensitive personal data. It's been two years since that report was issued, which should mean we've come a long way in securing electronic protected health information (ePHI). Instead, the news is filled with one healthcare data security breach after another. In one incident, a Southern California hospital was forced to pay a $17,000 ransom to have its network restored. In another, 3.7 million patient records were accessed. And this list goes on. (And on.) The number of major HIPAA data breaches for which cyber attackers are responsible has increased 300% in just three years. With healthcare data at such high risk, it’s shaping up to be a critical time for HIPAA compliance, web form security, and other healthcare IT measures.

What’s Happening with Healthcare Data Security?

To hackers, ePHI is even better than hitting the jackpot. A single medical record offers a bevy of black market opportunities, from insurance fraud and prescription abuse to identity and credit card theft. And because healthcare organizations often lack the sophisticated backup systems that are common in other industries, they’re prime targets for cybercrime. That’s why the Brookings Institution is predicting that one in thirteen patients will be impacted by provider data breaches by 2019, in part because federal mandates forced so many practices to adopt electronic health records (EHR) before they were ready to adequately invest in IT security. According to the report, it’s not uncommon for facilities to share large datasets because they lack the time and resources to filter out who should have access to what patient information.

How Do HIPAA Data Breaches Happen?

Most healthcare data hacks start with an unsuspecting employee doing something as simple as viewing a patient record or opening an email attachment from a legitimate-looking address. In one experiment, IT security consultants infiltrated a computerized medicine dispensary by dropping off malware-containing USB sticks stamped with the hospital’s logo. In another, the same team filled patient portal form fields with malicious code to be triggered when viewed by a doctor or nurse. Mobile healthcare data is also to blame: A 2016 survey found that eight in ten Google Play diabetes apps lacked privacy policies. Around the same time, more than 80% of surveyed healthcare employees admitted to being fearful of mobile cyberattacks involving malware, blastware, and ransomware.

What Can You Do to Secure Your Healthcare Data?

For starters, choose your vendors wisely. Web forms must be HIPAA compliant, privacy policies should be in place, and digital tools, in general, should meet high-security standards. As one well-regarded security expert put it:

“Every healthcare institution must realize that their patients' data is their most valuable data, and serious protection means, at the least, the introduction of the same security measures now protecting other sectors.”

Bottom line: It’s up to each healthcare organization to take steps to ensure its ePHI stays safe. Instead of assuming your vendors have a variety of security measures in place to safeguard medical information, be prepared to ask questions such as these:

  • How are emails and web traffic encrypted?
  • How is “at rest” data protected?
  • What steps are you taking to ensure we remain HIPAA compliant?
  • What security measures, such as SSL and advanced password protections like 2FA, are available for online forms?
  • How is information protected as it flows from one user to another?

With Formstack’s HIPAA-compliant secure forms, healthcare providers can collect data with the confidence it's being protected by layers of extra security. Click here to learn more.

Did you hear about the time McAfee Labs dubbed 2014 “The Year of Shaken Trust”? Back then, a medical record was ten to twenty times more valuable to hackers than a credit card number because it offered copious amounts of sensitive personal data. It's been two years since that report was issued, which should mean we've come a long way in securing electronic protected health information (ePHI). Instead, the news is filled with one healthcare data security breach after another. In one incident, a Southern California hospital was forced to pay a $17,000 ransom to have its network restored. In another, 3.7 million patient records were accessed. And this list goes on. (And on.) The number of major HIPAA data breaches for which cyber attackers are responsible has increased 300% in just three years. With healthcare data at such high risk, it’s shaping up to be a critical time for HIPAA compliance, web form security, and other healthcare IT measures.

What’s Happening with Healthcare Data Security?

To hackers, ePHI is even better than hitting the jackpot. A single medical record offers a bevy of black market opportunities, from insurance fraud and prescription abuse to identity and credit card theft. And because healthcare organizations often lack the sophisticated backup systems that are common in other industries, they’re prime targets for cybercrime. That’s why the Brookings Institution is predicting that one in thirteen patients will be impacted by provider data breaches by 2019, in part because federal mandates forced so many practices to adopt electronic health records (EHR) before they were ready to adequately invest in IT security. According to the report, it’s not uncommon for facilities to share large datasets because they lack the time and resources to filter out who should have access to what patient information.

How Do HIPAA Data Breaches Happen?

Most healthcare data hacks start with an unsuspecting employee doing something as simple as viewing a patient record or opening an email attachment from a legitimate-looking address. In one experiment, IT security consultants infiltrated a computerized medicine dispensary by dropping off malware-containing USB sticks stamped with the hospital’s logo. In another, the same team filled patient portal form fields with malicious code to be triggered when viewed by a doctor or nurse. Mobile healthcare data is also to blame: A 2016 survey found that eight in ten Google Play diabetes apps lacked privacy policies. Around the same time, more than 80% of surveyed healthcare employees admitted to being fearful of mobile cyberattacks involving malware, blastware, and ransomware.

What Can You Do to Secure Your Healthcare Data?

For starters, choose your vendors wisely. Web forms must be HIPAA compliant, privacy policies should be in place, and digital tools, in general, should meet high-security standards. As one well-regarded security expert put it:

“Every healthcare institution must realize that their patients' data is their most valuable data, and serious protection means, at the least, the introduction of the same security measures now protecting other sectors.”

Bottom line: It’s up to each healthcare organization to take steps to ensure its ePHI stays safe. Instead of assuming your vendors have a variety of security measures in place to safeguard medical information, be prepared to ask questions such as these:

  • How are emails and web traffic encrypted?
  • How is “at rest” data protected?
  • What steps are you taking to ensure we remain HIPAA compliant?
  • What security measures, such as SSL and advanced password protections like 2FA, are available for online forms?
  • How is information protected as it flows from one user to another?

With Formstack’s HIPAA-compliant secure forms, healthcare providers can collect data with the confidence it's being protected by layers of extra security. Click here to learn more.

Did you hear about the time McAfee Labs dubbed 2014 “The Year of Shaken Trust”? Back then, a medical record was ten to twenty times more valuable to hackers than a credit card number because it offered copious amounts of sensitive personal data. It's been two years since that report was issued, which should mean we've come a long way in securing electronic protected health information (ePHI). Instead, the news is filled with one healthcare data security breach after another. In one incident, a Southern California hospital was forced to pay a $17,000 ransom to have its network restored. In another, 3.7 million patient records were accessed. And this list goes on. (And on.) The number of major HIPAA data breaches for which cyber attackers are responsible has increased 300% in just three years. With healthcare data at such high risk, it’s shaping up to be a critical time for HIPAA compliance, web form security, and other healthcare IT measures.

What’s Happening with Healthcare Data Security?

To hackers, ePHI is even better than hitting the jackpot. A single medical record offers a bevy of black market opportunities, from insurance fraud and prescription abuse to identity and credit card theft. And because healthcare organizations often lack the sophisticated backup systems that are common in other industries, they’re prime targets for cybercrime. That’s why the Brookings Institution is predicting that one in thirteen patients will be impacted by provider data breaches by 2019, in part because federal mandates forced so many practices to adopt electronic health records (EHR) before they were ready to adequately invest in IT security. According to the report, it’s not uncommon for facilities to share large datasets because they lack the time and resources to filter out who should have access to what patient information.

How Do HIPAA Data Breaches Happen?

Most healthcare data hacks start with an unsuspecting employee doing something as simple as viewing a patient record or opening an email attachment from a legitimate-looking address. In one experiment, IT security consultants infiltrated a computerized medicine dispensary by dropping off malware-containing USB sticks stamped with the hospital’s logo. In another, the same team filled patient portal form fields with malicious code to be triggered when viewed by a doctor or nurse. Mobile healthcare data is also to blame: A 2016 survey found that eight in ten Google Play diabetes apps lacked privacy policies. Around the same time, more than 80% of surveyed healthcare employees admitted to being fearful of mobile cyberattacks involving malware, blastware, and ransomware.

What Can You Do to Secure Your Healthcare Data?

For starters, choose your vendors wisely. Web forms must be HIPAA compliant, privacy policies should be in place, and digital tools, in general, should meet high-security standards. As one well-regarded security expert put it:

“Every healthcare institution must realize that their patients' data is their most valuable data, and serious protection means, at the least, the introduction of the same security measures now protecting other sectors.”

Bottom line: It’s up to each healthcare organization to take steps to ensure its ePHI stays safe. Instead of assuming your vendors have a variety of security measures in place to safeguard medical information, be prepared to ask questions such as these:

  • How are emails and web traffic encrypted?
  • How is “at rest” data protected?
  • What steps are you taking to ensure we remain HIPAA compliant?
  • What security measures, such as SSL and advanced password protections like 2FA, are available for online forms?
  • How is information protected as it flows from one user to another?

With Formstack’s HIPAA-compliant secure forms, healthcare providers can collect data with the confidence it's being protected by layers of extra security. Click here to learn more.

Did you hear about the time McAfee Labs dubbed 2014 “The Year of Shaken Trust”? Back then, a medical record was ten to twenty times more valuable to hackers than a credit card number because it offered copious amounts of sensitive personal data. It's been two years since that report was issued, which should mean we've come a long way in securing electronic protected health information (ePHI). Instead, the news is filled with one healthcare data security breach after another. In one incident, a Southern California hospital was forced to pay a $17,000 ransom to have its network restored. In another, 3.7 million patient records were accessed. And this list goes on. (And on.) The number of major HIPAA data breaches for which cyber attackers are responsible has increased 300% in just three years. With healthcare data at such high risk, it’s shaping up to be a critical time for HIPAA compliance, web form security, and other healthcare IT measures.

What’s Happening with Healthcare Data Security?

To hackers, ePHI is even better than hitting the jackpot. A single medical record offers a bevy of black market opportunities, from insurance fraud and prescription abuse to identity and credit card theft. And because healthcare organizations often lack the sophisticated backup systems that are common in other industries, they’re prime targets for cybercrime. That’s why the Brookings Institution is predicting that one in thirteen patients will be impacted by provider data breaches by 2019, in part because federal mandates forced so many practices to adopt electronic health records (EHR) before they were ready to adequately invest in IT security. According to the report, it’s not uncommon for facilities to share large datasets because they lack the time and resources to filter out who should have access to what patient information.

How Do HIPAA Data Breaches Happen?

Most healthcare data hacks start with an unsuspecting employee doing something as simple as viewing a patient record or opening an email attachment from a legitimate-looking address. In one experiment, IT security consultants infiltrated a computerized medicine dispensary by dropping off malware-containing USB sticks stamped with the hospital’s logo. In another, the same team filled patient portal form fields with malicious code to be triggered when viewed by a doctor or nurse. Mobile healthcare data is also to blame: A 2016 survey found that eight in ten Google Play diabetes apps lacked privacy policies. Around the same time, more than 80% of surveyed healthcare employees admitted to being fearful of mobile cyberattacks involving malware, blastware, and ransomware.

What Can You Do to Secure Your Healthcare Data?

For starters, choose your vendors wisely. Web forms must be HIPAA compliant, privacy policies should be in place, and digital tools, in general, should meet high-security standards. As one well-regarded security expert put it:

“Every healthcare institution must realize that their patients' data is their most valuable data, and serious protection means, at the least, the introduction of the same security measures now protecting other sectors.”

Bottom line: It’s up to each healthcare organization to take steps to ensure its ePHI stays safe. Instead of assuming your vendors have a variety of security measures in place to safeguard medical information, be prepared to ask questions such as these:

  • How are emails and web traffic encrypted?
  • How is “at rest” data protected?
  • What steps are you taking to ensure we remain HIPAA compliant?
  • What security measures, such as SSL and advanced password protections like 2FA, are available for online forms?
  • How is information protected as it flows from one user to another?

With Formstack’s HIPAA-compliant secure forms, healthcare providers can collect data with the confidence it's being protected by layers of extra security.

Heather Mueller
Heather is a website copywriter and digital content strategist who loves helping brands generate leads through the power of the written word—especially when using Formstack. Connect with Heather on Twitter @heathermueller.