The Health Insurance Portability and Accountability Act (HIPAA) mandates that safeguards be in place to secure protected health information (PHI). PHI is any individually identifiable health information such as name, date of birth, financial information, and medical history. Incidents of healthcare organization hacks have increased exponentially over the last few years. Because healthcare is the most targeted sector of the U.S. economy, implementing HIPAA cyber security practices is essential to protecting PHI.
Server Hack Lasting 9 Years Compromised PHI of 2.9 Million
Virginia-based Dominion National was the victim of a server hack that took 9 years to detect.
Dominion National is an insurer, health plan administrator, and administrator of dental and health benefits. 2.9 million patients were affected by the breach, with exposed information including names, dates of birth, Social Security numbers, addresses, email addresses, taxpayer ID numbers, bank account information, group numbers, subscriber numbers, and member ID numbers. However, exposed information varied by person.
As required by law, affected individuals received breach notification letters and two years of free credit monitoring and identity theft protection. To prevent future incidents, Dominion National has implemented enhanced alerting and monitoring software.
Mike Davis, Dominion National President, stated, “We recognize the frustration and concern that this news may cause, and rest assured we are doing everything we can to protect your information moving forward. We are committed to making sure you get the tools and assistance you need to help protect your information.”
How to Prevent a Server Hack
Healthcare servers hold a wealth of patient information and are continual targets for hackers. To ensure that the data held on a server is protected, there must be systems in place to prevent access by unauthorized individuals.
The Department of Health and Human Services (HHS) identifies ten practices organizations should implement to increase their cybersecurity:
- Email protection systems
- Endpoint protection systems
- Access management
- Data protection and loss prevention
- Asset management
- Network management
- Vulnerability management
- Incident response
- Medical device security
- Cyber security policies
An organization that incorporates these ten practices into its security program will limit its risk of exposure.
Need Help with HIPAA Cyber Security?
Compliancy Group gives healthcare providers and vendors working in healthcare the tools to confidently address their HIPAA compliance in a simplified manner. Our cloud-based HIPAA compliance software, the Guard™, gives healthcare professionals everything they need to demonstrate their “good faith effort” towards HIPAA compliance.
To address HIPAA cyber security requirements, Compliancy Group works with IT and MSP security partners from across the country, who can be contracted to handle your HIPAA cyber security protection.