It might have been too much sun or not enough water—probably both. In any case, my wife ended up with a kidney stone while we were on vacation in Europe. So we went to a local hospital where they took great care of her. We paid the bill and got back to our vacation.

Just about two years later, I got a call from a “collection agency” saying that we still owed 500 euros. But if we made a payment over the phone, they’d give us a 20 percent discount. I asked if we could review our records and get back to them. Grudgingly, the caller agreed and followed up with an email repeating the same story given to me over the phone. Luckily, my wife found a copy of our bill showing it had been paid in full, which we emailed back, and we never heard from them again.

I would bet that this incident was the result of my wife’s medical record being stolen by cybercriminals. Many health leaders might think that because they don’t store credit card information, cybercriminals aren’t interested in them. But, according to this article, medical information is worth 10 times more than a credit card number on the black market and cyberattacks against health organizations are on the rise.

Fraudulent billing, as in my experience, is one example of how information from patient records can be used to scam people. Fabricating insurance claims and creating fake IDs for various purposes using social security numbers and other personal information are just a couple more examples.

And criminals move much faster than legislation. So just because you’re compliant with health industry standards such as HIPAA or EU model clauses doesn’t necessarily mean you’re protected from sophisticated hacking techniques that have been developed since the last regulatory compliance requirements were passed. If you’re not staying up-to-date to guard against the current threat environment—which often changes on a weekly basis—no matter how compliant you are with regulatory standards, you’re still at risk.

There are many ways that cybercriminals are infiltrating health organizations’ IT infrastructure, so it’s essential to take a holistic approach to defending against them. Here are three steps:

  • Understand your current security posture.
  • Be aware of current threats to your environment and assets.
  • Come up with a plan to protect your assets and mitigate threats.

Microsoft has security experts that live and breathe this stuff day in and day out. We have implemented and secured technologies in thousands of health organization environments.

You can take advantage of the wealth of knowledge our people have through the Microsoft Security Risk Assessment. We’ll take two seasoned security experts and put them onsite with you for two weeks. They’ll assess your current security environment across technical, organizational, and operational controls, and then give you a prioritized, actionable roadmap with specific steps to meet your needs. You can learn more here.

In today’s world, it’s more essential than ever to take a comprehensive, methodical approach to protecting your organization and your patients’ information against increasing cyberattacks in the health industry. Please let us know if you have any questions or need help toward that end. Send us an email or let us know on Facebook or via Twitter.