In an important step to enforce new state laws around protecting the privacy of medical records, the California Department of Public Health (CDPH) has fined five California hospitals a total of $675,000 for failing to prevent unauthorized access to their confidential patient information.
With targeted malware attacks posing greater threats to health care institutions, the director of CDPH, Dr. Mark Horton, said ensuring the privacy of patient data is a critical component to the medical industry.
“Medical privacy is a fundamental right and a critical component of quality medical care in California. We are very concerned with violations of patient confidentiality and their potential harm to the residents of California.”
While Federal regulations such as HIPAA have prompted health care organizations to take measures to better protect digital patient records, stopping highly targeted cyber attacks continue to be one of the industry’s top challenges.
With cyber criminals focused on stealing valuable patient information, health care organizations need to go beyond meeting a set of guidelines if they are going to successfully stop more sophisticated malware attacks. They have to take a serious look at how they are currently defending their networks and implement endpoint security solutions that can effectively stop these threats.
With many health care institutions still relying on traditional antivirus to protect their enterprises and multi-user workstations from more targeted attacks, it’s simply not enough. Blacklisting solutions have become ineffective in stopping new forms of malware popping up every day. Instead of relying on reactive methods, health care professionals need to consider more proactive approaches such as application whitelisting, which has been proven to protect private networks from attacks specifically intended to access their enterprise.
While stiff penalties for violating Federal regulations provide clear incentives for health care organizations to take steps to meet the required guidelines, they are nothing compared to the potential long-term impact — which include the loss of patient trust and damage to a health care institution’s reputation — should their patients’ information or data ever be compromised.