Healthcare organizations are constantly plagued with the threat of attackers accessing ePHI (electronically protected healthcare information) in their networks.
According to Forbes Magazine, three large-scale data breaches (CHS, Anthem, and Premera) totaled about 95.5 million stolen records, which is almost 30% of the entire U.S. population, and all of this happened in less than one year.
Even more frightening, according to the 2015 Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data by the Ponemon Institute, only 40% of healthcare organizations are concerned about cyber attacks and are preparing to combat cyber warfare. This means that the majority of healthcare-related organizations either do not realize how much of a threat a data breach is or do not think they are susceptible to it; either way, millions of medical records and financial information are left up for grabs for attackers.
According to Ponemon, 88% of healthcare breaches are due to spear phishing attacks on credentials.
Realizing the threat, the US Department of Health and Human Services enacted HIPAA and HITECH regulations alongside the Omnibus Rule (2013), requiring healthcare organizations to implement information system activity reviews to regularly assess records of system activity, such as audit logs, access reports, and security tracking reports. Healthcare companies that do not comply with these regulations risk not only a major data breach but also a fine upwards of $50,000 per violation. With the emphasis on regulations and the constant threat of data breaches, healthcare organizations should be flocking to implement access controls, but it can be daunting to look for a product that can meet regulations and deliver the frictionless experience healthcare practitioners demand.
Attackers are aware of two vital facts: one, the healthcare industry has a plethora of ePHI to harvest, and two, healthcare organizations are not prepared to effectively protect against and detect attacks. Attacks on ePHI are up 125% in comparison to five years ago. With such a large increase in attacks, new strategies need to be put in place to protect patient data.
Compromised credentials can be avoided by implementing secure access control strategies such as Adaptive and Two-Factor authentication to analyze authentication activity more closely. SecureAuth IdP is a single solution that delivers frictionless user access control for on-premise, mobile, cloud, and VPN resources by leveraging the latest techniques in Adaptive and Two-Factor authentication alongside Single Sign-On. With SecureAuth IdP, you can easily achieve the delicate balance of security, compliance, and frictionless user experience to ensure your organization is ready to defend against the next data breach.