A data breach can devastate any business but healthcare organizations are especially vulnerable. According to the annual IBM Cost of Data Breach studies by the Ponemon Institute, healthcare has the highest data breach cost per record of any industry. The main reason? Regulatory fines.
HIPAA noncompliance is a costly mistake. In 2018, the HHS Office for Civil Rights (OCR) set an all-time record for HIPAA enforcement, meting out $28.7 million in fines. OCR’s $16 million settlement with Anthem was also the highest ever—a nearly threefold increase over the previous record of $5.5 million.
Smaller healthcare organizations are not immune to HIPAA fines, as we’ve seen in cases such as the Center for Children’s Digestive Health. For these smaller hospitals and practices, the losses are even more overwhelming.
The Costly Consequences of Data Breaches
In addition to fines for HIPAA noncompliance, other direct and indirect costs of data breaches to healthcare organizations include:
Class-action lawsuits: In March, a class-action lawsuit was filed against the University of Connecticut Health Center, after a data breach was discovered last December. It’s just the latest in a series of civil litigations resulting from compromised ePHI.
Reputational damage: In a consumer-driven healthcare economy, you can’t afford to see your name in OCR’s Breach Portal. Savvy consumers may use this “wall of shame” to weigh their decisions about provider choices.
Add it all up and it’s easy to see why pressure mounts on hospital IT staff, who are often ill-equipped to deal with these threats.
Improve Security Posture with SOC-as-a-Service
To avoid the high-cost consequences of data breaches, healthcare organizations need a security operations center (SOC) for advanced threat detection and response. Compared with the resources and budget required to build and maintain an in-house SOC, a SOC-as-a-service is more scalable and cost effective, and it also provides:
- Expert 24/7 monitoring and a dedicated security team
- Actionable threat intelligence
- Ongoing vulnerability scans and risk assessments
- Compliance monitoring and reporting
Streamlined Auditing Requirements
As part of HIPAA compliance, you must regularly monitor access to and interaction with ePHI. Simply logging activity is not enough; you need to review the logs, flag unauthorized actions, and look for unusual patterns.
A SOC-as-a-service solution allows healthcare organizations to:
- Monitor user and admin access and config changes to all ePHI-related systems
- Audit changes to Active Directory, file servers, and group policies
- Flag unauthorized actions
- Monitor and report user activity in Active Directory and endpoints
- Detect anomalies
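The bullets above describe what ePHI audit review has to accomplish; the script below is an added illustration of that review logic and is not code from this post or from any SOC-as-a-service vendor. It runs over a handful of constructed audit events (the JSON lines, the user-to-role table, the privileged Active Directory group names and the business-hours window are all assumptions made for the example) and produces findings for each of the checks the list names: access by users with no ePHI role, actions a role is not permitted to perform, changes to privileged AD groups, and off-hours access as a simple anomaly signal.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample audit events, one JSON object per line (not real log data).
SAMPLE_LOG = """\
{"ts": "2019-04-02T09:14:03", "user": "nurse.lee", "action": "read", "resource": "ehr:patient/1042", "src": "ws-12"}
{"ts": "2019-04-02T09:15:10", "user": "nurse.lee", "action": "read", "resource": "ehr:patient/1043", "src": "ws-12"}
{"ts": "2019-04-02T02:41:55", "user": "billing.ray", "action": "read", "resource": "ehr:patient/2201", "src": "ws-40"}
{"ts": "2019-04-02T10:02:17", "user": "it.sam", "action": "group_change", "resource": "ad:group/EHR-Admins", "src": "dc-01", "detail": "add contractor.zed"}
{"ts": "2019-04-02T10:05:00", "user": "contractor.zed", "action": "read", "resource": "ehr:patient/3001", "src": "ws-77"}
{"ts": "2019-04-02T11:00:00", "user": "nurse.lee", "action": "export", "resource": "ehr:patient/1044", "src": "ws-12"}
"""

# Constructed policy: which users hold an ePHI role, what each role may do,
# which AD groups gate administrative access, and when access is expected.
EPHI_ROLES = {"nurse.lee": "clinical", "dr.kim": "clinical", "billing.ray": "billing"}
ROLE_ACTIONS = {"clinical": {"read", "write"}, "billing": {"read"}}
PRIVILEGED_GROUPS = {"ad:group/EHR-Admins", "ad:group/Domain Admins"}
BUSINESS_HOURS = range(7, 20)  # 07:00 to 19:59 local time


def parse_events(text):
    """Parse JSON-lines audit text into event dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events


def _finding(rule, event):
    return {"rule": rule, "user": event["user"], "ts": event["ts"].isoformat(),
            "resource": event["resource"]}


def evaluate(event):
    """Apply the audit rules to one event and return the findings it triggers."""
    findings = []
    resource = event["resource"]

    # Changes to privileged AD groups are always worth a reviewer's attention.
    if event["action"] == "group_change" and resource in PRIVILEGED_GROUPS:
        findings.append(_finding("privileged_group_change", event))

    # Rules below apply only to ePHI-bearing systems (constructed "ehr:" prefix).
    if resource.startswith("ehr:"):
        role = EPHI_ROLES.get(event["user"])
        if role is None:
            findings.append(_finding("unauthorized_user", event))
        elif event["action"] not in ROLE_ACTIONS[role]:
            findings.append(_finding("action_not_permitted", event))
        # Simple anomaly signal: ePHI access outside the expected hours.
        if event["ts"].hour not in BUSINESS_HOURS:
            findings.append(_finding("off_hours", event))
    return findings


def analyze(text):
    """Run every event through the rules, preserving log order."""
    findings = []
    for event in parse_events(text):
        findings.extend(evaluate(event))
    return findings


def summarize(findings):
    """Count findings per rule, the shape a compliance report would start from."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['ts']}  {f['rule']:<25} {f['user']:<15} {f['resource']}")
    print(summarize(analyze(SAMPLE_LOG)))
```

In a real deployment the policy tables would come from the identity system rather than a dictionary, and the off-hours rule would be one of several baselines (per-user record volume, new workstations, first-time access to a patient); the point of the example is that each bullet in the list above corresponds to a concrete, testable rule rather than to raw log retention.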
Always Be Prepared
Staying secure against today’s burgeoning cyberthreats isn’t easy, especially for organizations in industries under constant attack, such as hospitals, clinics, and healthcare practitioners. Learn more about the advantages of SOC-as-a-service: download our free white paper.