According to several news outlets like Reuters, 2015 will be known as the year of health care hacks due to the large number of breaches that occurred in 2014. The number of cyber attacks has been on the rise in recent years. The Washington Post reports that there have more than 1,100 separate breaches of organizations across the industry since 2009.

While this is unfortunate, the Federal Bureau of Investigation did warn the industry that security measures should be improved across the board due to the large number of malicious cybercriminals targeting the health care system. Around 120 million people have had at least a portion of their personal health information stolen by criminals from a health care organization in the last six years.

"That's a third of the U.S. population — this really should be a wake-up call," said Deborah Peel, executive director of Patient Privacy Rights, explained to the Post. 

Now, not only are hackers targeting medical providers and professionals, but they are attacking business associates of health care organizations like medical billing and coding companies and EHR providers. According to Healthcare IT News, Medical Informatics Engineering, an EHR provider based in Fort Wayne, Indiana, was hacked and patient data was stolen. The breach allowed unauthorized access to patient records, resulting in stolen Social Security numbers, lab results, demographic information, medical condition information, log-in security information and more. 

The health care industry is struggling under the barrage of breaches from cybercriminals, but that doesn't mean all practices need to worry. If proper steps are taken in advance, the likelihood of a breach is significantly reduced. 

The state of health care security
With the growing risk of patient information being stolen, practices need to make sure they are protecting patient data. Also, any outside companies or partners who have access to patient files need to take steps to prevent breaches. Currently, health care organizations of all types have to comply with HIPAA guidelines, which is enforced by the U.S. Department of Health and Human Services. The HHS is urging the industry to take additional steps to improve security, according to the Post. 

"Health care organizations need to make data security central to how they manage their information systems and to be vigilant in assessing and addressing the risks to data on a regular basis," Rachel Seeger, spokesperson for the HHS, said to the Post. "In addition, organizations need to ensure they are able to identify and respond appropriately to security incidents when they do happen to mitigate harm to affected individuals and prevent future similar incidents from occurring."

In an effort to improve health care technology, the HHS unveiled a new plan in January 2015. While this proposed plan did address safe and secure exchange of patient data, it was not the main focus of its efforts. Instead, interoperability and a commitment to a data-driven approach to managing health care were stressed . 

What practices can do 
All practices should take steps to secure patient data. Here are some tips for keeping data safe:

  • Encrypt data​: Data encryption is extremely important and can help with security. Talk with your EHR provider to ensure that all of your patient data is encrypted. 
  • Keep your security software up to date​: Cyber security is altered and added to regularly to ward off new threats. If you haven't updated your antivirus software, firewall and other security measures recently, or aren't sure if you have, contact the provider of your security software as soon as possible. 
  • Install tracking software: Software that keeps a record of everything that happens on your system can help you identify how and when a breach happens if such an event occurs. 
  • Have a plan for breaches: Sometimes, even if you take all the right measures, patient information may be stolen. Because of this, it's important to have a plan in place so you can deal with the situation properly. This includes proper notification that a breach has happened and a plan to find out why and how the practice was hacked. 
  • Talk with vendors: Third-party vendors that handle front-office tasks or medical billing and coding should be consulted and their security measures assessed. If they don't have adequate tools in place, they're susceptible to attacks. If they aren't going to improve their data protection efforts, it might be in your best interest to find a new vendor. 
  • Password protection: Install passwords on all computers and systems. While password logins won't prevent all attempted breaches, they can help add another layer of security to your practice's system.