“Anchorage Community Mental Health Services (ACMHS) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule with the Department of Health and Human Services (HHS), Office for Civil Rights (OCR). ACMHS will pay $150,000 and adopt a corrective action plan to correct deficiencies in its HIPAA compliance program.”
ACMHS suffered a breach of its electronic protected health information (ePHI) that affected 2743 individuals after malware compromised the security of its information systems. The OCR investigation found that ACMHS’s “security incident was the direct result of ACMHS failing to identify and address basic risks, such as not regularly updating their IT resources with available patches and running outdated, unsupported software.”
So what is an example of unsupported, unpatched and outdated software? Windows XP is the prime example. Microsoft ended support for Windows XP in April 2014, which means that it no longer provides security updates for Windows XP. This leaves all computers and other medical devices running XP exposed to malware and viruses that can infect the operating system and steal information, resulting in data breaches. Despite repeated warnings from Microsoft and security experts, a significant number of healthcare organizations are still using Windows XP.
The threat to healthcare data from hackers is real and is increasing rapidly. According to Experian’s 2015 Second Annual Data Breach Industry Forecast, data breaches in healthcare are expected to increase in 2015 due to potential economic gain and digitization of records. A healthcare organization is a gold mine of personal information for cyber criminals. This, coupled with the fact that the healthcare industry as a whole is way behind other industries in securing its confidential data, makes healthcare organizations prime targets for criminals.
It does not matter whether you are a small healthcare practice or a large hospital. All Windows users must migrate to the Windows 7 or Windows 8 operating systems, which have enhanced security features and receive regular security updates. This will mean an investment in new hardware and/or software. Yes, it will take time, money and resources, but it is well worth the effort. A few thousand dollars spent now will prevent the loss of hundreds of thousands of dollars later.