LexisNexis® Risk Solutions surveyed more than 100 healthcare organizations (HCOs) about their cybersecurity strategies and current patient portal security. It turns out that patient portals may not be as secure as HCOs perceive. In fact, 58% of HCOs believe the cybersecurity of their online patient portal is above average.1 However, healthcare data breaches increased 5% last year, affecting 15 million patient records, which was 3 times more than in 2017.2 There were also a record 1 billion bot attacks in the first quarter of 2018.3
The vast increase in data breaches occurring within healthcare organizations begs the question, "Why?" According to a presentation by the Crisis Management group of Edelman Public Relations at HIMSS this year, healthcare organizations have become primary targets for three reasons:
- Outdated systems
- Low layers of security
- Healthcare companies are statistically known to pay a ransom
As digital health initiatives such as mobile apps present more opportunities for patient engagement, patient data is also exposed to more vulnerabilities than ever before. As a result, health plans are experiencing a record number of data breaches and suffering millions of dollars in fines, settlements and operational losses. When fraudsters are successful, it compromises patients' trust in the healthcare organization, increases costs for the healthcare organization if it has to remediate a breach, and potentially leads to patient safety risks if any of the patient's health data is altered and caregivers then act on bad information. Not to mention, patients will go somewhere else if they don't trust that you can take care of their data.
This is why it is an ongoing challenge to balance your health plan's responsibility to secure all access points and protect patient data while providing frictionless points of access for portal adoption. Members are increasingly taking control of their health by engaging with member portals. Through these portals, users are able to:
- View and get answers to coverage questions
- Track claims and account activity
- Locate providers and services
- Find health advice
- Manage their member profile
- Pay bills
- And more…
As the ways in which members access their data become more sophisticated, so too do the ways in which hackers commit fraud. While members are accessing their data, employees and vendors are also logging into systems at other access points, and those access points need security as well. Protecting organizational data and the identities of members is not only the responsibility of the health plan, but it is also required by several regulations such as HIPAA, HITECH and the FACT Act. Meanwhile, other regulations and initiatives continue to promote patient and member engagement, such as the 21st Century Cures Act, the MyHealthEData Initiative and the Trusted Exchange Framework and Common Agreement.
So what’s the solution to this balancing act?
LexisNexis Risk Solutions offers layers of defense to ensure security while enabling your organization to function quickly and efficiently. Download our latest e-brief to explore ways to reduce the risk of a data breach, discover the necessary steps to validate and verify member information and identify the ingredients for a strong multi-factor authentication strategy.
1 LexisNexis Healthcare Survey Results, April 2019