From October 2009 through the present day, one industry alone has reported 900 different breaches. And none of those 900 were limited in their scope – in each, at least 500 individuals were affected. Who knows how many other, smaller breaches happened without public knowledge?
The industry we’re describing probably isn’t any of the ones you might guess, such as retail or financial services. It’s the healthcare industry. And we can be absolutely certain that the numbers really are this high because healthcare providers are required by law to disclose any breach affecting 500 or more individuals.
Since the HITECH Act of 2009, the U.S. has been grappling with how best to adopt new technology like electronic health records and telemedicine tools. The challenge is always to walk the line between improving patient care and protecting patient privacy.
For that reason, the Department of Health and Human Services is now responsible for reporting breaches to the public. It doesn’t matter whether the breach is the result of negligence involving an inadequate remote access policy or the theft of a laptop – all major incidents are reported. Healthcare information is particularly valuable to attackers because it can lead to even more lucrative data, such as bank account information or prescriptions that can be used to obtain controlled substances.
Yet, these incidents involving healthcare providers aren’t the ones making national headlines. Usually, widespread public panic involving network security is reserved for high-profile breaches of retailers and financial providers instead.
The silver lining is that every time another Target or Home Depot is attacked, retailers are again reminded that they could be next in the crosshairs. Their response is to reinforce their defenses. And as we know, hackers are persistent, but they’re still governed by human nature. They will aim for the path of least resistance – there’s little reason for them to try, and potentially fail, to attack an on-notice retailer, if an unaware, vulnerable healthcare provider is also in the picture.
That’s why the FBI put healthcare providers on notice back in April, with a warning that they could be especially vulnerable to cyberattacks. The FBI said that the healthcare industry is not as “resilient” to cyberattacks, despite how much damage they could cause.
That’s in part why three government agencies – the U.S. Food and Drug Administration, and the Departments of Health and Human Services and Homeland Security – hosted a public workshop on October 21-22 to “catalyze collaboration,” as a means to improve medical device cybersecurity.
That information session helped bring these issues to the forefront, but ultimately, when it comes to healthcare network security and keeping “data in motion” safe, the responsibility rests primarily with individual providers.
Healthy Patients, Healthy Network Security
One such provider is American Hospice, which calls a secure communications environment a “cornerstone” of its mission to care for patients. For a national care provider like American Hospice, whose 180 home healthcare workers treat more than 1,500 patients, secure remote access is essential.
American Hospice employees need to be able to safely and quickly update files while on the road. It’s not just about meeting HIPAA requirements involving privacy – it’s about improving worker productivity (by removing manual, paper-based processes), reducing operating costs and protecting sensitive patient information, as well as its own IT system integrity.
In May 2010, American Hospice turned to a Secure Enterprise VPN solution and gained all of these benefits. Workers are now able to safely and remotely access the network through secure mobile devices, allowing them to keep the main office updated, in near real-time.
The goal of all healthcare providers ought to be safer care for patients and peace of mind for their families, and thanks to its secure remote access capabilities, American Hospice has finally reached that point.