Health care data is heavily monitored in the U.S. The Health Insurance Portability and Accountability Act has very strict regulatory standards about how this kind of information can be handled. One wrong decision could result in some hefty fines, even if the person or organization didn’t know they were making a mistake. The American Medical Association has stated that even accidentally violating HIPAA could cost a medical facility up to $50,000 per violation.
Clearly, making a mistake when handling medical records isn’t an option, which is why ISG Technology works with health care providers to ensure they don’t stumble. But what exactly can ISG do for you?
“Accidentally violating HIPAA could cost a medical facility up to $50,000 per violation.”
Issues with security aren’t always apparent
The main advantage of partnering with ISG is that we can help you get ready for an actual HIPAA compliance audit by zeroing in on problems you might not even notice.
One of the main issues our engineers run into when assessing a hospital’s network is the fact that security credentials often aren’t taken as seriously as they should be. Basically, employees who only need to view certain kinds of data are often able to access information they shouldn’t be able to see. In an average hospital network, only about two or three employees should be given admin privileges. However, ISG experts often come into an assessment and find that 100 workers in a 700-user system will have domain admin accounts.
This is a problem because it creates a huge number of entry points for a hacker who can socially engineer her way into accessing one of these accounts. According to past experience recounted by security firm Social-Engineer, more than two-thirds of employees will provide a stranger with their information such as their birthday, Social Security number or their personal employee ID. A hacker could easily call into this hospital and use this information to trick a staff member into giving them login credentials to an admin account, thereby allowing the criminal free reign over a network.
Sometimes, accessing private information is as easy as asking for it.ISG can help you fix these problems and pass an audit
HIPAA audits are extremely comprehensive, and getting a perfect score is next to impossible. In fact, as the above example shows, health care facilities often have numerous issues that they don’t even know about, which can decrease an organization’s standing if an auditor were to discover these problems.
ISG can help these facilities decrease the number of red flags to a manageable and reasonable number, thereby increasing the chances of passing an inspection. Health care data is extremely private, and ensuring its safety should be a top priority.
