Are Your Data Breaches Coming from Within? New Report Finds Most Healthcare Security Pitfalls Stem from Unintended Disclosure in 2017

Oct 24, 2017

According to a research report from Beazley, and as reported in Health IT Security, 41% of healthcare data breaches over the first nine months of 2017 stem from instances of unintended disclosure.

Within a hospital or other organization, the term “unintended disclosure” refers to erroneous practices where confidential information is either explicitly divulged without permission or left vulnerable for unauthorized parties to access. Examples include sending emails containing PHI, leaving private servers publicly accessible, or using unsecured IoT devices in the workplace to access protected files.

The report also found that unintended disclosure incidents were more than twice as frequent as the second-most recurrent form of attack, hacking or malware intrusion, which accounted for 19% of all data breach incidents in the healthcare sector so far this year. These findings illustrate that these types of incidents more often stem from within the organizations themselves as opposed to external sources. If confidential information is left exposed by hospital staff through unsecured communications practices, a hacker will have access to it. The hacker may never be able to access the data if organizational personnel do not leave it vulnerable in the first place.

Data breach incidents caused by unintended disclosure are indeed avoidable, and healthcare CIOs should prioritize preventing data breaches before they occur within their organizations. Executives need to establish and enforce a culture centered around data security where all employees, managers, and executives are aware of the consequences that certain actions can have on their organization’s informational integrity. For example, emails containing private PHI may travel through multiple servers before arriving at their destination. Likely, the sender has no way to confirm that those servers were properly secured to HIPAA compliant standards.

Since email is such a ubiquitous communications tool within most healthcare organizations, a better alternative is needed that can either match or exceed email’s convenience while improving upon its security and delivery capabilities. ETHERFAX’s Secure Exchange Network (SEN) was developed in direct response to the need for a protected, HIPAA compliant document transmission service, and makes use of cloud computing services.

SEN leverages military-grade encryption and hybrid cloud technology to transmit documents directly between any of its 6+ million connected endpoints without ever needing to traverse an external network. This means that, in addition to 100% security, the communications are relayed from sender to receiver without any gray areas in between. All transactions over SEN are also marked as SENt for reporting purposes, which provides users with transparent proof that documents were delivered to their intended endpoint without visiting other servers along the way.

Using a virtual document transport service like SEN also comes with built-in reliability and speed. A 50-page document that would traditionally take 30 minutes to send through a legacy fax server can now be sent in seconds. The best part? You don’t need to throw away your existing infrastructure if you don’t want to. Install a plug-and-play A2E device, activate it, and never experience busy inbound faxes again.

Have any questions about how your organization can better secure its communications practices? Contact us today and see how we can help you.

Paul Banco

As CEO of ETHERFAX®, Banco is responsible for the strategic direction of the company and leads technology development, including the patented ETHERFAX and ETHERFAX SEN intellectual property. Banco helped organizations automate their fax server operations. As a visionary, he identified the need to leverage the cloud for secure document delivery and co-founded ETHERFAX in 2009 with other telecom industry veterans.
