Healthcare Data Breaches Increase in 2013; Errors Traced to Admin Passwords
Healthcare data breaches rose from 2012 to 2013, as Experian’s 2014 Data Breach Industry Forecast report reveals. Another report, Redspin’s 2013 Breach Report: Protected Health Information (PHI), stated that there was a 137.7 percent increase in the number of patient records breached from 2012 to 2013.
In three of the top 10 breaches in 2013, the error was traced to poor administrative password behavior, such as keeping default passwords or sharing passwords, according to InformationWeek.com.
This puts the spotlight on the recently updated HIPAA compliance regulations, also known as the final omnibus rule. While two-factor authentication has always been recommended as a security tool to meet the compliance standard for remote authentication access, it has only recently been drawing greater attention as the threat of a potential government-funded audit looms over the healthcare industry (and likewise over the business associates/vendors that support the industry).
As with a recent major breach involving the exploitation of vendor credentials, big breaches within a large organization often occur as a result of lax third-party security. As Redspin’s report found, 20 percent of PHI breaches have involved a business associate each year from 2009-2013.
Why is that? Smaller companies that don’t deal with regulated data directly (like credit cardholder or patient health data) might not see the importance of maintaining a high bar for security standards, policies and procedures.
This very attitude toward security is what gives hackers the keys to internal networks and systems that should otherwise be locked down. Relying on the security of a password alone is no longer enough for either vendors or core healthcare organizations.
Deploying a two-factor authentication solution ensures that even with lax password practices (particularly by administrators), your organization and users/patients are protected. Find out more about modern two-factor authentication solutions and how they can work with your organization.
For more on two-factor authentication, HIPAA and the healthcare industry, check out:
Two-Factor Authentication for Electronic Health Record (EHR) Apps
Streamlining Two-Factor Authentication for Health IT