Greetings and welcome back! This week, we begin a look at HIPAA Cyber/Physical/Operational security, specifically addressing the HIPAA Breaches and Data Rack Security. This last week, the Federal Government’s Health Care Industry Cybersecurity Task Force released a stinging report on the continuing rise in HIPAA breaches and the failure of cyber/physical/operational security solutions being employed. Over the next few weeks, we hope to address some key points of data protection that are largely ignored by the large companies servicing the HIPAA marketplace. We will begin this week with an overview of the 3 key aspects of HIPAA security:
- Physical Access Security
- Operational Security
The cyber security, physical security and operational security of your electronic Protected Health Information (ePHI) is all covered by HIPAA and the HITECH Act – where the penalties for HIPAA and there violations receive their teeth. And as the following graph shows, the actual data breaches reported during 2016 by Health and Human Services reflected a broad variety of indigents from each of these three areas. As you look at this graph – several things may strike you as surprising:
- Unauthorized Physical Access (this means by a person who has been given access to the physical data) and Physical Theft comprise more than 1/3rd of all HIPAA violations.
- Unauthorized Cyber Access (again, meaning network access by someone who has been given access to the data) is nearly 1/5th of all HIPAA violations.
- Operational Incidents – where data is destroyed or lost accounts for a significant amount of HIPAA violations
Thinking about these facts for a minute, let’s now dive one step deeper to seeing exactly where these data breaches have come from. research from Protenus shows, insiders actually accounted for more than 40% of all data breaches! These are the unauthorized cyber and physical access and part of the physical theft and operation incidents.
Let’s digest all of this information for a minute. We know from the new government report that HIPAA breaches despite companies spending more money on cybersecurity. What we have learned from the actual breaches reported last year is the following:
- 43% of all HIPAA Breaches were Physical or Operational Incidents
- Most all of these Physical and Operational Breaches were related to Insiders
These facts make it very clear that looking purely at cybersecurity firewalls to protect your organization against data breaches is literally only covering about half of the problem. The data in your system is largely located at rest and in transit through your data rack in your network room and anyone who can gain access to that rack can steal data at will. This is exactly the reason that we built RackGuardian – to protect from ALL threats – cyber as well as Physical and Operational. We encourage the reader to look deeply at the full-spectrum of security protection offered by RackGuardian and we are always more than happy to confidentially chat with you about your own security needs.
Until next time,