As the workplace around us becomes more and more technologically advanced, so too do security issues that arise as a result of our reliance on technology. It’s an unfortunate truth that modern solutions sometimes cause modern problems, a fact the healthcare sector in particular has been grappling with recently. When hackers get their hands on company data, it’s never a good thing, but when the compromised data is protected by HIPAA, the consequences can be much worse. That’s why it’s so important for healthcare companies to understand how data breaches occur—only then can you create effective policies and protocols to prevent them. 

In this article, we’ll look at three of the most common ways a data breach could happen in your company or organization.

Insider Threats

While the popular image of a hacker is a dangerous outside threat throwing itself against your company’s digital defenses, sometimes the call really is coming from inside the house. Oftentimes, maliciously or not, the most dangerous attacks against a company’s private data come from insiders within the organization. 

In January of this year, the CDH Health System in Tuscaloosa, Alabama, notified patients of a data-privacy breach, in which a hospital employee had accessed a patient’s electronic medical records without a business reason. Further investigation revealed that the employee had also viewed patient records twice between September of 2021 and December 9, 2022, without a legitimate business reason. In total, over 2,000 individuals were notified that their private health and personal information may have been illegitimately accessed by the employee. One business day after discovery, the individual’s employment was terminated. 

While there’s always a risk that an organization insider may misuse their access to private information, data breaches are most commonly caused by unintentional error or neglect. Breaches from stolen passwords are incredibly common, often because of over-reliance on short, predictable passwords, or even on moderately secure passwords that attackers crack using automated tools. 

Mistakes like losing work computers and equipment, CC’ing the wrong person on an email, or even attaching the wrong documents in work communication can also jeopardize private data.

Third-Party Apps

Attacks against third parties and vendors can also threaten the privacy of healthcare data. Recently, UCHealth in Aurora, Colorado, reported a third-party data breach impacting nearly 49,000 people. UCHealth said it had been informed that the software company Diligent Corporation had experienced a security breach that may have exposed UCHealth patient, provider, or employee data; the breach stemmed from Diligent’s software being accessed, after which “attachments were downloaded including UCHealth files.” 

Although UCHealth’s own systems were not directly impacted by the incident, the data downloaded through Diligent’s system may have included information ranging from names and addresses to, in some limited cases, Social Security numbers or other financial information. 

Tools and Malware

Apps, analytics tools, and malware are another avenue through which data breaches may occur. All software can contain technical vulnerabilities, and hackers can exploit those vulnerabilities in any number of ways. 

In another recent case, UCLA Health announced on January 13th that it had learned of an “issue relating to the use of analytics tools on the UCLA Health website and mobile app.” These analytics tools, which UCLA Health had used from April 2020 until June 2022, may have transmitted information from digital appointment request forms completed on the website or mobile app to third-party service providers. Almost 94,000 individuals were notified of the data breach. 

Trust CompanyMileage To Keep Your Information Safe

As data breaches and hacking attacks on private health information become more and more common, protecting the safety of healthcare data is more important than ever, and no one understands that better than CompanyMileage. That’s why our software is fully HIPAA-compliant and offers a three-tiered system, which includes:

Data encryption, including the use of split-knowledge, dual-control passwords; table-level encryption; password rotation management; log file encryption; and privileged user (root) protection. Our system also complies with PCI DSS, HIPAA, HITECH, FISMA and other regulatory guidelines for encryption of data at rest, and has PCI certification and secure offsite key management.

Secure facilities and equipment, with primary servers located at Rackspace’s Chicago data center facility, with 24/7 management and monitoring. Synchronized servers are located at Softlayer’s San Jose, Calif., data center, which also offers 24/7 management and monitoring. Secure servers running Red Hat Linux are maintained daily and serviced with any available security patches. 

Privacy policies, wherein clients’ address books can be segregated by individual user, department or division. Client names can also be suppressed on physical reports generated by users. CompanyMileage data systems are securely stored and accessible only by authorized company officials.

CompanyMileage understands how important security is for your organization, your employees, and your clients, and we take that security seriously. For more information, contact CompanyMileage today!