For years the healthcare industry has been a prime target for cybercriminals, and there is no sign of healthcare data breaches slowing down.
Healthcare data breaches are not only a costly catastrophe, but an event that compromises the safety and identity of customers. The Ponemon Institute estimates that data breaches cost the healthcare industry approximately $6.2 billion, and as a direct result of data breaches, records of subscribers are exposed due to hacks, lost or stolen devices, unauthorized disclosure, and more.
In 2017 alone, healthcare data breaches were abundant. Delaware-based Medical Oncology Hematology Consultants began notifying patients in July of a ransomware attack from June that potentially breached the records of 19,203 patients. Just over 106,000 patients were possibly affected by a potential data breach at Mid-Michigan Physicians Imaging Center, and in August, Los Angeles-based Pacific Alliance Medical Center disclosed that it was hit by a ransomware attack, potentially breaching protected health information of 266,123 patients. What does this tell us? Healthcare data breaches are not slowing down, not one bit.
The most commonly exposed data in healthcare breaches are medical records, followed by billing and insurance records, and lastly payment information. Of these, cyber-based attacks remain the number one cause of data breaches.
Protecting sensitive information is important, particularly in the healthcare industry. Medical records are full of data that would be an identity thief’s dream come true; names, addresses, social security numbers, health plan information, and so much more.
Medical record retention is an important aspect of the Health Insurance Portability and Accountability Act (HIPAA) compliance, and so is how these records are destroyed. HIPAA, which was passed by Congress in 1996, contains provisions designed to protect patient privacy. Of course, HIPAA isn’t just exclusive to medical records. There’s also personal health information on medical waste devices as well, such as specimen cups, IV bags, and blood collection vessels.
HIPAA has increased enforcement and leaves no room for error. Because of HIPAA, there is growing interest in effective and efficient ways to manage protected medical records, but more importantly, how to destroy them and render them useless once they are no longer needed. For the healthcare industry, paper shredding is essential to HIPAA compliance, as is hard drive and media destruction.
As long as it remains profitable for hackers and thieves to conduct attacks on healthcare organizations, the attacks will continue. All healthcare organizations can do is to improve their defenses and make it harder for hackers to succeed. This includes employing the use of third-party services for digital file keeping that help keep records in tact and safe from hacking.
For physical records and personal health information on medical waste devices such as specimen cups, IV bags, and blood collection vessels, there is professional shredding. Red Bags, along with its sister company, Legal Shred, we protect our customers by providing secure paper shredding and hard drive destruction under the confines of HIPAA, as well as other federal and state destruction laws. More than 40 Federal laws mandate that all business, healthcare, and financial institutions protect the confidential information of their clientele. Red Bags and Legal Shred can help you stay compliant and avoid healthcare data breaches.
Contact us today to discuss service options for your medical records and hard drive destruction needs.
Want to learn more? Follow Red Bags’ blog to be up to date on the latest happenings in the medical waste industry.
You Might Also Like:
- Administering the Annual Flu Shot? Here is What You Need to Know about HIPAA’s Privacy Rule
- Shredding and Recycling Your Old X-ray Waste
- HIPAA and Medical Waste: What’s the Rule?