Four cybersecurity mistakes health plans make

It’s no secret that healthcare organizations are the most vulnerable and valuable when it comes to hackers. In the last five years, healthcare organization have seen a 125% increase in healthcare data breaches, according to a study released by the Ponemon Institute in May 2015.  The study also revealed that 91% of healthcare organizations and 59% of business associates that work with healthcare organizations have experienced a data breach in the past two years. In total, more than 7 million patient records were impacted by data breaches in 2013, according to Caradigm, which estimates that data breaches cost the healthcare system more than $5 billion a year.

SockriderThough many healthcare organizations are following and complying with HIPAA guidelines, attacks are becoming more nuanced and harder to detect. “The first layer is always defensive in nature, protect what you have, control access, track usage, and encrypt where appropriate," says Gary Sockrider, principal security technologist at Arbor Networks. "Visibility comes next because you can’t defend against a threat you can’t see. It is critical to know what is happening and where your vulnerabilities exist. Visibility naturally leads to detection and incident response. But ideally an organization will need to evolve beyond reacting to the known and on to proactive hunting for the unknown."

To help ensure you are doing all you can to prevent a security breach, we asked the experts to weigh in. Here they identify four of the biggest mistakes health plans are making.

Internal server error