One of the most important considerations in the healthcare arena is keeping medical records and other sensitive information secure. Unfortunately, many U.S. healthcare providers are not equipped to handle this task. A survey of more than 2,000 security specialists from 705 health organizations estimated that about three-quarters of the nation’s hospitals, doctors and health systems are unprepared for cyberattacks that could compromise more than 500 records. Ninety-six percent of IT professionals said that hackers were trouncing the security measures in place at medical establishments, highlighting the extent of these vulnerabilities.
It is not that healthcare providers are lagging in trying to protect their security systems. Estimates show that the sector is anticipated to spend $134 billion on cybersecurity over the next five years, investing $18 billion this year. However, 82 percent of surveyed chief information officers and chief information security officers agreed that these dollars had been spent ineffectively. They said that funds destined for cybersecurity are routinely spent after breaches, and departments outside of IT typically are not consulted to determine where this money can be best put to use.
Many eye-opening findings underscore the issue. The survey reported that 80 percent of healthcare organizations had not conducted a cybersecurity drill even though data breaches have soared over the past year. Only 14 percent of hospitals said their cybersecurity practices in 2021 would improve over those deployed a year earlier, and 26 percent of healthcare providers said cybersecurity has worsened over the last year. Just 3 percent of providers in other industries said the same.
Consumers are noticing these shortcomings and are objecting to the lack of protection. A poll of 3,500 patients found that 93 percent would switch to another medical services provider if their patient privacy were undermined in a preventable attack. Providers can no longer afford to throw money at cybersecurity problems without determining which strategies and verification tools will best serve them and their patients. The following Deep Dive examines the challenges healthcare providers and systems face in safeguarding consumers’ information from fraudsters. It also details the digital ID verification solutions that can help keep information safe while adhering to stringent regulations, particularly HIPAA requirements.
The Toll Of Medical Data Breaches
The stakes are high for consumers when cybercriminals target medical data. Medical records almost always contain addresses, Social Security numbers and other personal information, including private medical details. Congress began closely examining these issues in the mid-1990s and enacted HIPAA in 1996 to implement privacy standards for all healthcare providers. The measure requires any business that collects or stores health information to apply certain security controls but gives healthcare organizations a lot of leeway to determine how best to do so.
This flexibility does not equate to leniency and enforcement is strict for a good reason. The U.S. Department of Health and Human Services reported that more than 300 data breaches had compromised personal health information this year by the end of January alone, with these instances affecting almost 11 million individuals. Many health officials believe that the remote work environment challenges healthcare providers’ established verification and payment processes, many of which are paper-based. Employees in the healthcare sector are also under tremendous pressure to complete their tasks remotely, increasing their likelihood of tapping into unsecured channels to send, receive, and store information.
Lawmakers are also considering several amendments that would require additional security measures and allow patients whose data has been compromised to receive money to mitigate potential damages. This makes it imperative for healthcare providers to shore up their digital security to avoid falling prey to data breaches and having to compensate consumers for these issues. It comes as little surprise, then, that digital ID verification solutions are fast emerging as key tools in the space. They can help safeguard data digitally and ensure that those seeking access to sensitive medical records are authorized to do so.
Progress On Data Protection With Digital Id Verification
Confronting potential security issues in an era when health services are going digital involves understanding the threat and combating it proactively. This is especially true as medical devices themselves become more sophisticated and interconnected, exposing new avenues for fraudsters to exploit and access sensitive information. This requires a modern approach to security and identification, and many providers realize the benefits that newer digital ID processes offer.
Digital ID-based approaches to security can help users tokenize their personal medical information, making it much less likely that fraudsters can gain access. Such approaches can also help providers rapidly and safely authenticate patients’ data, cut down on medical identity theft and reduce overhead costs related to administration. Consumers are also fond of password-less tools and other innovations that can give them faster and more satisfying experiences during login. PYMNTS’ data reveals that healthcare consumers prize convenience and ease of use as much as security. Forty-five percent prefer verification methods that allow them to create accounts easily, 42 percent prize convenience and 40 percent single out better security.
The healthcare space is going digital at a rapid clip, as are many industries. This has created hurdles for providers working to comply with HIPAA regulations while keeping patients’ data secure, especially as many healthcare employees are operating remotely. The key to keeping this data from falling into the wrong hands could lie in robust digital ID solutions.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More