3 Stories of Healthcare Business Associate Data Breaches Will Shock You
What's the worst that could happen? These three healthcare data breach stories aren't for the faint of heart. Find out how to protect your company from similar outcomes.

Breaking news. July 25th, 2019. Northwood, a medical equipment benefits administrator in Michigan, had to notify its many healthcare partners that their patient data had been compromised after a hacker bypassed security to access an employee's email. As a result, over 15 thousand patient records were affected. Security was alerted after seemingly nefarious activity was spotted on the mailbox, but investigators determined that the intruder had had access for three days, an eternity when stealing patient data. Diagnoses, social security numbers and more were among the casualties.

Alert! Nearly four thousand patient records were compromised when Cancer Treatment Centers of America experienced an email hack. If only this were an isolated situation. Unfortunately, it was the third within a short time: those seeking to do harm send phishing emails to the company on a regular basis, just waiting for someone to take the bait. This time the hacker had access for 11 days.

Not again. American Medical Collection Agency (AMCA) experienced an eight-month hack of patient data that exposed over 25 million patients' information. Over 20 of its partners were affected, including names you know like Quest Diagnostics and LabCorp. Laboratory Medicine Consultants claims that its business associate, AMCA, "downplayed" the incident, leading it to believe that the breach was far less impactful than it was and creating the need for a more extensive investigation.

These breaches are recent and investigations are ongoing, so at this time we can't quantify the personal casualties, HIPAA penalties or lawsuits that will likely result, both for the business associates and for the hospitals, labs and other medical providers that trusted them to protect their patients from third-party data breaches.

Stories like these remind us of the impact of healthcare business associate data breaches and of the importance of putting systems in place to protect patients and our healthcare company's financial interests. Let's explore the solutions that these companies and their partners unfortunately implemented too late to prevent their data breaches, but that you can proactively employ to prevent a similar fate.

1. Get the Business Associate Agreement (BAA) Updated

As a healthcare organization, you work with several third parties who have access to varying levels of patient data, and you couldn't function without them.

You need business associates to:

  • Access expertise you don't have in-house
  • Keep costs low and standards high
  • Collaborate with other healthcare professionals

While a BAA won’t completely protect you when business associate data breaches occur, it does outline what your partner is doing to keep patient data safe. This allows you to evaluate their standards and make the best decisions for your organization.

2. Re-evaluate What You Share with a Business Associate

Patient information should always be shared on a need-to-know basis. For example, a collection agency doesn't need diagnosis information to collect on a debt, but you could be unwittingly sending it if you simply hand over unredacted patient records. You'll find many similar cases, so evaluate your exposure and limit the risk.
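One practical way to enforce need-to-know sharing is to allowlist, per recipient, the fields a business associate actually needs, and to strip everything else before a record leaves your systems. The example below is added here to illustrate that pattern; it is not KalioTek's code, and the field names, recipient roles and the sample patient record are all constructed assumptions that you would replace with the terms of your own data-sharing agreements.

```python
"""Need-to-know filtering of patient records before sharing with a business associate.

Added illustration for this post, not KalioTek's code. Field names, recipient
roles and the sample record below are constructed assumptions.
"""
from copy import deepcopy

# Allowlist per recipient purpose: the fields a business associate needs to do
# its job. Anything not listed is stripped, so a new sensitive field added to
# the record later is withheld by default rather than leaked by default.
ALLOWED_FIELDS = {
    "collection_agency": {
        "patient_id", "name", "mailing_address", "balance_due", "service_date",
    },
    "billing_clearinghouse": {
        "patient_id", "name", "insurance_member_id", "procedure_codes", "service_date",
    },
    "referral_specialist": {
        "patient_id", "name", "date_of_birth", "diagnoses", "medications",
    },
}


class SharingPolicyError(ValueError):
    """Raised when a record would be sent to a recipient with no defined policy."""


def minimize_record(record: dict, recipient: str) -> dict:
    """Return a copy of `record` holding only the fields `recipient` may see.

    Unknown recipients are refused outright: failing closed is the safe default
    when nobody has decided what that partner is entitled to.
    """
    try:
        allowed = ALLOWED_FIELDS[recipient]
    except KeyError:
        raise SharingPolicyError(
            f"no sharing policy defined for recipient {recipient!r}; refusing to send"
        ) from None
    return {key: deepcopy(value) for key, value in record.items() if key in allowed}


def excess_fields(record: dict, recipient: str) -> set:
    """Fields in `record` that exceed the recipient's need-to-know.

    Useful as an audit check over an outbound export that was prepared by some
    other path: a non-empty result means unredacted data is about to leave.
    """
    return set(record) - ALLOWED_FIELDS.get(recipient, set())


def prepare_export(records: list, recipient: str) -> list:
    """Minimize a whole batch of records for one recipient."""
    return [minimize_record(record, recipient) for record in records]


# Constructed sample record for a fictional patient (not real data).
SAMPLE_RECORD = {
    "patient_id": "P-000123",
    "name": "Example Patient",
    "mailing_address": "1 Sample St, Anytown, MI 00000",
    "date_of_birth": "1970-01-01",
    "ssn": "000-00-0000",
    "diagnoses": ["example diagnosis"],
    "medications": ["example medication"],
    "insurance_member_id": "MEMBER-0001",
    "procedure_codes": ["99213"],
    "balance_due": "125.00",
    "service_date": "2019-06-30",
}


if __name__ == "__main__":
    for role in ALLOWED_FIELDS:
        print(role, "receives:", sorted(minimize_record(SAMPLE_RECORD, role)))
    print("excess for collection agency:", sorted(excess_fields(SAMPLE_RECORD, "collection_agency")))
```

The point of the allowlist (rather than a list of fields to remove) is that it fails safe: a diagnosis field, a social security number or any column added to the record later is withheld from the collection agency unless someone deliberately adds it to that recipient's policy. Running `excess_fields` over exports that bypass `minimize_record` gives you a cheap audit of where unredacted data is still flowing to partners.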

3. Invest in Your People

You can have the highest-level encryption, firewalls and anti-virus, but a phishing email can help a hacker bypass all of it. Typically, an employee receives an email asking them to click a link. That link may lead somewhere that looks familiar and encourage them to enter a password, or it may trigger the download of a file that compromises security. Stay informed about the risks and continually update your teams on the types of tricks hackers use to access patient data.

4. Vet Third-Party Software

We all know that there’s an app for that. Apps make our lives easier and can do almost anything. And in a business where time is money, we’re always looking for ways to increase productivity, patient satisfaction, inventory management and more. But any third-party software, even if it’s a trusted name like Microsoft or Google, is an opportunity for those trying to access patient data to do so.

Know who your partners are and what security measures they employ. Many software companies offer different tiers of their products with different levels of security. And we can assure you that if someone in your company is using the "free version" of a service like Dropbox or Google Drive, it doesn't have the security you need.

Work with IT security experts to evaluate their security measures. And know that software companies also need to sign a BAA if you will be giving them access to patient data. If they won’t sign it, choose another application.

5. Take Stock of Your Current Security Technologies

Are these technologies high-caliber enough for healthcare? Are they able to reduce the risk of today’s modern security threats, which are often clever and highly convincing?

Once again, if you don’t have the high-level security expertise in-house, consult with experts who can evaluate your risks and recommend solutions.

Consult with Managed IT Security Specialists

The average IT director or manager may be very good at his or her job. But today’s security risks extend beyond the training and knowledge of even the best IT professionals. You need to work with security specialists who understand the risks because they manage and eliminate those risks for healthcare companies every single day.

Working with business associates is essential to the function of any healthcare organization, but you don’t have to take on that additional risk when you work with professionals who can help you evaluate those partnerships and keep patients safe.
