A server used by Rhode Island Ear, Nose, and Throat Physicians Inc. (RIENT) was accessed by an unauthorized party, allowing hackers to access RIENT’s network. The protected health information (PHI) of 2,943 patients was compromised, although there was no evidence that the data had been copied or viewed. The PHI breach allowed access to patient names, clinical information, and dates of birth. For a small number of patients, Social Security numbers were at risk. 

RIENT is offering free identity theft and credit monitoring for patients whose Social Security numbers were compromised. To prevent future cybersecurity incidents, the organization has bolstered its security measures by improving technical safeguards.

Preventing a PHI Breach

Hackers often target healthcare organizations since many are not doing enough to protect the sensitive information they handle. There is a misconception that hackers are not interested in targeting healthcare organizations, especially small to mid-sized organizations. However, small businesses are often the most attractive organizations for a hacker to access.

Hackers realize that many smaller businesses do not have the experience or resources to implement advanced cybersecurity practices. As such, hackers would rather access multiple smaller businesses than go after one larger organization.

The Department of Health and Human Services (HHS) recommends that healthcare organizations implement ten cybersecurity practices to safeguard PHI:

  1. Email protection systems
  2. Endpoint protection systems
  3. Access management
  4. Data protection and loss prevention
  5. Asset management
  6. Network management
  7. Vulnerability management
  8. Incident response
  9. Medical device security
  10. Cybersecurity policies

Some of the recommended cybersecurity practices are difficult to accomplish for organizations without a dedicated IT staff. To protect an organization from a PHI breach, it is best to consult a cybersecurity expert.

Do You Need Help Addressing Cybersecurity?

Compliancy Group gives healthcare providers and vendors working in healthcare the tools to confidently address their HIPAA compliance in a simplified manner. Our cloud-based HIPAA compliance software, the Guard™, gives healthcare professionals everything they need to demonstrate their “good faith effort” towards HIPAA compliance.

To address HIPAA cybersecurity requirements, Compliancy Group works with IT and Managed Service Provider (MSP) security partners from across the country, who can be contracted to handle your HIPAA cybersecurity protection.

Find out more about how Compliancy Group helps you simplify compliance and cybersecurity today!

 
