As most of you know, the HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Similar rules apply to vendors of personal health records and their third party service providers, pursuant to section 13407 of the HITECH Act, implemented and enforced by the Federal Trade Commission (FTC).
By definition, a breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information. With breaches having been reported over the course of the last 6 years, some changes in the nature of breaches should be discussed.
We have analyzed the data reported to the U.S. Department of Health & Human Services on Breaches of Unsecured Protected Health Information affecting 500 or more individuals, grouping the “Unknown” and “Other” categories into one. According to the statistics, certain changes in the numbers deserve special note and should be discussed in the IT and business community.
As you can see from the data in the charts below, the year 2015 brought a significant shift in breaches resulting from theft and unauthorized access to data. It seems organizations are becoming more serious about the physical security of data, with the number of theft incidents dropping. However, there is something to be said about companies needing to pay closer attention to their business computer network security services. For the first time, unauthorized access to data exceeds the numbers of other types of breaches, while theft is no longer the leading type of breach: there were 119 incidents of theft in 2014, compared to 80 incidents of theft in 2015, while the number of unauthorized access/disclosure incidents changed from 88 in 2014 to 101 in 2015.
2015 has been a record year for the number of records breached by Hacking/IT Incidents, accounting for a staggering 98.7%, with Unauthorized Access/Disclosure a very distant second.
Importance of Computer Network Security
An unsecured network can impact your business by compromising your business data, affecting productivity, growing financial loss, and inducing legal liabilities.
Hacking results in the most individuals affected, and with the shift in types of breaches bringing Hacking/IT Incidents to the forefront, it is more important than ever to be vigilant about data and network security. Entities should be educated about risks, prevention and remediation plans. The number of records hacked, while very significant, gives us a somewhat distorted point of view, since one “lucky” hack can produce millions of records breached, as proven in cases such as the Anthem Insurance hack. However, the fact that the number of hacking incidents reported is rising fast should put every business owner on high alert.
We recommend that every organization take proactive measures by implementing a security policy, training employees, performing a security audit, and implementing every necessary measure to make their computer network compliant and secure.
Need Computer Network Security Services for Your Business?
Network Security services from powersolution.com can reduce the total costs of your IT issues and the resulting downtime. We can help you every step of the way to make sure your network is secure, and your business data is protected. Our engineers are professional experts in network security solutions: we help you define your specific network security needs, provide the most efficient solution, and take measures to keep malicious users out of your business computer network and to exercise control over users who exhibit risky computer behavior within your organization.
powersolution.com specializes in providing Network Security and managed IT services, offering assessment, audit, planning, implementation, monitoring and management of complete data and network security solutions, providing your business with a complete intelligent business continuity service. After we analyze the state of your current network and discuss your specific business needs with you, we help you create a formal network security policy and understand what information and services are available, to what extent and to which type of users. It is important to define what the potential for damage is and whether any protection steps have already been taken to prevent misuse, and to include a damage control protocol in your data security policy.