The 3 Biggest Threats to Data Security and Privacy in Healthcare Today

11/08/2017

by Jesse Braasch & Jason Langston

 

According to a new report on healthcare data breaches in 2017, the three greatest threats to data security and privacy this year have been human error, hacking/malware and insiders. To prevent breaches, all industry players need to ask themselves if they are vulnerable to these threats and ensure that their software systems are updated.

 

  1. Unintended Disclosure: 41 percent (the large majority) of breaches are the result of unintended disclosure, a.k.a. user mistake or human error. These incidents can come in the form of emails inadvertently sent to the wrong recipient or emails that contain protected health information (PHI). Discharge instructions may be given to the wrong patient, or a server containing PHI can be accidentally left open to the public. Workforce training and education can go a long way to diminish incidents of unintended disclosure.

 

  2. Hacking or Malware: Hackers have continued to disproportionately target healthcare organizations in 2017, organizing significant and sophisticated attacks that account for 15 percent of breaches so far this year. Phishing attacks on hospitals, insurance providers, medical equipment suppliers and others have resulted in the leaking of tens of millions of patient names, social security numbers, medical records, diagnoses, treatment information and other clinical data.

 

  3. Insiders: Continuing reports of employee snooping or physical theft of on-site devices and data, which account for 15 percent of breaches (physical loss can be blamed for another 8 percent), disprove the old-fashioned theory that the best way to protect data is to keep it close to home. Typically this can involve an employee viewing records without a work-related reason. Of note, the number of breaches attributed to employees is on the rise, but they are generally easier to mitigate than external threats.

 

Though the healthcare industry was slower to adopt cloud computing than other industries, most healthcare providers and employers now overwhelmingly believe that patient and employee benefits data is safer when managed by a software-as-a-service (SaaS) company than it is with on-premise software. SaaS platforms are also more likely to have data engineers and software experts dedicated to continuously monitoring and guarding accounts against the above threats.

 

How can a company know if a SaaS provider can be trusted to provide secure custody of data? Verify that they understand the regulatory requirements and are strictly compliant with HIPAA, SSAE 16 and PCI.

 

 


Jesse Braasch

Vice President of Infrastructure and Operations at WEX Health

Jesse Braasch is the Vice President of Infrastructure and Operations at WEX Health, the largest Software as a Service (SaaS) company in the healthcare payment market today. His favorite saying is, “The most dangerous phrase in the English language is, ‘We’ve always done it this way!’” In the ever-changing, always dynamic world of consumer directed healthcare, Jesse’s dedication to innovation and excellence will continue to keep WEX Health at the forefront of the current healthcare revolution.

As the consumer driven healthcare industry grows exponentially, Jesse will help ensure WEX Health’s technical ecosystem has best-in-breed features, stability, security, and quality of service so the company is able to scale in parallel with the industry. Jesse’s passion is delivering creative yet rock solid technologies that truly solve the needs of the customer and enable speed to market.

Regarded as a veteran of the technology industry, Jesse has over twenty years of experience working for industry leading SaaS corporations and Fortune 500 companies. Most recently Jesse was Director of Infrastructure for XRS Corporation, a SaaS company providing trucking fleet management solutions, where he led server, storage, database, and IT operations teams. Prior to working at XRS, Jesse held technical and team leadership positions at Target Corporation, Fair Isaac Corporation, and Travelers Indemnity Company.

After serving in the United States Marine Corps, Jesse earned his Bachelor’s Degree in Information Technology from Capella University, and is currently pursuing his Masters of Science degree in Security. Jesse, his wife, and two teenage sons live in Maple Grove, MN, where he is an active volunteer in the community’s youth ice hockey association.


Jason Langston

Vice President of Infrastructure and Operations at WEX Health

Jason Langston leads the Enterprise Architecture and Application Security team at WEX Health. This team works closely with the IT Security, Compliance and Fraud teams to ensure the robust security and scalability of WEX Health Cloud. They run the software security assurance program, performing various tests, scans, attack models and reviews to identify, fix and prevent security issues. Jason has worked at WEX Health for 13 years and in the tech industry for almost 20 years in various technical and leadership roles, with a strong focus on architecture and security.