Medical data breaches target financial information
For medical organizations, preventing data breaches is an important responsibility, and it's one that often brings to mind safeguarding electronic health records (EHRs). After all, these documents house a wealth of information about the individuals who receive care at a particular hospital or healthcare practice. However, it is critical for medical institutions not only to keep EHRs secure, but to ensure patients' financial details don't fall victim to thieves. Any stores of credit card information need to be given special attention, and this may include addressing such sensitive data with the help of remote database support.
Breaches go for the gold
ZDNet pointed out that in the latest Verizon Data Breach Investigation Report (DBIR), experts found that EHRs may not actually be the most attractive target for cybercriminals and malicious insiders. In fact, in an Industry Snapshot for the healthcare sector, Verizon revealed that point-of-sale (POS) terminals are actually at the root of the majority of medical data breaches, making up 64 percent of compromised assets. The runner-up on the list at 48 percent was POS servers. What this may indicate is that for hospitals, it may be most important to make sure whichever party is in charge of safeguarding patients' credit and debit card numbers is following best practices, ensuring any databases containing that information is absolutely secure.
Back in April, Suzanne Widup, senior analyst on the Verizon Risk Team and an author of the 2013 Verizon DBIR, told eWeek that breaches in the context of the healthcare industry often aren't drastically different from those that occur in other fields.
"We find that the health care breaches act a lot like retail breaches in as much as that it's the organized crime groups going after the payment chain, so they're looking for the credit cards and the Social Security numbers they can turn into money," Widup said, the source reported.
Widup added that one of the concerns is that in the process of attempting to gain access to financial details, criminals will also try to steal some sensitive medical data in the process. As this could ultimately result in HIPAA compliance violations, she noted that healthcare systems have extra motivation to strengthen the protections securing systems that contain payment information.
By leveraging remote dba experts, hospitals and medical practices of all sizes can take a big step toward keeping their patients' private information under lock and key, far away from cybercriminals' prying eyes.