Making an Investment in Cybersecurity

The most publicized data breaches tend to involve retail giants, but it’s usually an entity’s partner or vendor that gets compromised – that’s especially true in the healthcare industry. Partners are essentially extensions of the health plans they work with, since they have access to the plans’ systems and member data. That’s why it’s crucial for plans to choose partners that have best-in-class security controls.

The Gold Standard

The Health Information Trust Alliance (HITRUST) is the current gold standard in the industry, encompassing frameworks like Payment Card Industry (PCI) Data Security, National Institute of Standards and Technology (NIST) and – of course – the Health Insurance Portability and Accountability Act (HIPAA). To ensure the protection of client data, solutions providers such as Advantasure have taken steps to obtain certification. However, certification alone does not guarantee security. Policies, processes, standards and technology controls are needed to maintain security frameworks and protect member data.

Where to Start

1) Complex passwords/passphrases
Even strong passwords can be cracked – it just takes longer. Here’s the good news: hackers are lazy. They don’t want to wait an hour to break a password when there’s one out there they can crack in five minutes. Passwords are the first level of defense when protecting client data. Complex passwords require upper- and lowercase letters, numbers and special characters.

2) Two-factor Authentication
Passwords alone don’t provide the level of security required to adequately protect client data. In addition to a username and complex password/passphrase, two-factor authentication requires employees to enter a randomly generated code that is sent to their mobile device, key fob or other security token.

Changing Employee Behavior

Cybersecurity always seems like someone else’s problem until a breach happens to you or someone you know. A lot of people try to use a password like “summer2018” and update it as the seasons change. It helps to ask employees how they would feel knowing a password like that was the only measure protecting their personal information and, ultimately, their identity. The truth is, you can never have enough security. The trick is making sure security measures don’t impede your organization’s ability to get work done.

The Cost of a Breach: $408/Patient Record

Lost or stolen records containing personally identifiable information cost healthcare organizations an average of $408 each, according to a July 2018 study by IBM Security and the Ponemon Institute. Meanwhile, the average cost across all industries is $148 each.
