The medical industry is one of the most sought-after industries for hackers due to the amount of personal information contained in medical records. While HIPAA protects the medical records of people, veterinarians don’t have to abide by HIPAA, as their patients aren’t human. Despite this, they do collect the personal information of their patients’ owners, making veterinarians prime targets for cyberattacks.
HIPAA concerns have become second nature for many physicians, inspiring a series of best practices designed to protect the personal information of their patients. In fact, there is a cottage industry based on providing physicians the resources needed to protect not only their patients, but their practices as well, from data breaches. Veterinarians are among the few medical professionals immune from HIPAA, leaving them with a blind spot with regard to cybersecurity.
According to the Bureau of Labor Statistics, there are approximately 1,680 veterinarians in Maryland, and unlike other physicians, none of them are subject to HIPAA regulations. This is due to the simple fact that their patients are not human. Without the pressure of HIPAA regulations, there is a risk that many veterinarians aren’t following best practices regarding cybersecurity and other forms of data protection.
Of course, the irony is that while their patients aren’t human, their owners certainly are! Veterinarians as medical professionals have access to a wealth of personal information. No, not Spot’s personal information, but Spot’s owner’s personal information. This personal data is valuable to hackers who consider medical data to be some of the most useful data to compromise due to the amount of information contained within it.
I’m Not a Big Practice
While you may think that having a small practice would save you from a cyberattack, think again. Yes, enterprise-level businesses and hospitals offer great rewards, but they also carry a significant risk of being caught. A smaller business, like yours, may offer a smaller haul, but there is less of a chance of being discovered.
Hackers rely on the inactivity of smaller businesses that don’t give their cybersecurity the attention it needs. This occurs mainly because most small businesses don’t think they are a target and don’t protect themselves. The hackers know and count on this, considering smaller businesses and organizations little more than low-hanging fruit.
A Cybersecurity Plan Can Prevent Practice-Closing Events
One thing to consider is that Maryland has a data breach law; this law requires written notice to be sent to any customer affected. Now add the need to offer credit and identity monitoring services to affected customers, and you can see how expensive a security event can be.
Gone are the days of a breach being treated as little more than an event that happens and is outside the responsibility of the business. As people become more aware of cyber-criminality and the damage it can do to them, their credit, and their personal and professional lives, they are less tolerant of it than they once were.
Your clients expect your business to protect their data and will hold you accountable when you fail to live up to expectations. Customers are receiving increased legal protections such as the Fair and Accurate Credit Transactions Act and the Financial Modernization Act, which can bring significant penalties and costs to defend against.
While the fallout of bad publicity from a breach can damage your business’s reputation, there’s also an increased risk of finding your business sued by your customers for damages to their security. Such a suit will not only damage your reputation, but it may also close your business permanently.
Some Best Practices
When it comes to protecting your business and your customers’ data, the first thing you need to do is commit your business to implementing a security plan, and at least have a consultation (which we offer on a complimentary basis) with a security specialist.
Before then, here are some best practices to consider:
- Only store the information you need
- Ensure your business is PCI (payment card industry) compliant
- Encrypt your data
- Limit access based on user roles
- Have a data breach plan
- Purchase insurance
If your practice utilizes medical records and other sensitive information, you have a responsibility to secure it. If you don’t make sure it’s protected from hackers, you could be exposing your practice itself to the risk of being compromised.
To find out how your business fares regarding data compliance, reach out to Dresner Group at 410-531-6727. We will work with you to ensure that you’re as proactive as you need to be, so you can be confident your clients’ data is secure.