Every day, health practices obtain sensitive and private data, such as personal health information (PHI), social security numbers, and credit card numbers. Because of this, the healthcare industry has become a prime target for cybercriminals looking to make a profit or to make a political or socio-economic statement by tarnishing reputations.
This year we have seen a noticeable increase in cyberattacks on healthcare organizations. Ransomware attacks like WannaCry, which had a severe impact on operations within National Health Service hospitals throughout the UK, have made headlines across the globe. Although the healthcare industry has begun to make cybersecurity a priority, there are still many organizations that are vulnerable to attacks.
This month Delaware-based Medical Oncology Hematology Consultants began the arduous process of notifying their patients of a ransomware attack that potentially breached over 19,000 patient records. The cyberattack began on June 17th, but wasn’t discovered until July 7th – which means the cyberattack went unnoticed for nearly a month. Officials said that electronic files on the provider’s server and workstations were targeted, potentially exposing names, dates of birth, health information, and treatment data.
Medical Oncology hired a third-party forensics team to help recover data and ensure that the ransomware was fully cleared from their network. They are also offering one year of free credit monitoring to all impacted patients. The Health Insurance Portability and Accountability Act (HIPAA) was put in place to ensure healthcare organizations take the proper steps to protect private patient data. Partnering with a team of IT experts to perform a risk assessment of your HIPAA vulnerabilities is one way to avoid security breaches before they happen.
Since the attack, Medical Oncology in Delaware has taken steps to strengthen its security, such as changing network passwords, performing backups, and providing its employees with data security training. Measures like these should be a part of your organization’s ongoing security plan. Ensuring HIPAA compliance isn’t a one-time job. With every change to your organization, your policies and procedures should also be updated. Regular reassessment and detailed documentation are crucial to achieving HIPAA compliance.
Avoid the risk of security breaches, staff mistakes, and violations by speaking with the Crossroads compliance team. We have worked for over 20 years in the healthcare industry helping organizations to become HIPAA compliant. Contact us to learn more about what it will take to prepare for a HIPAA audit.