Despite health care organizations having spent millions digitizing medical information as a means to increase efficiency and cut costs, the investment into cybersecurity of these electronic medical records has been disproportionately small. In the past several years, a dramatic series of data breaches into health care organizations and insurance companies have exposed these shortcomings, and they appear to be progressively more common. The Department of Health & Human Services Office of Civil Rights, the federal agency overseeing the privacy rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), has already documented more than a thousand data security breaches since its inception. It is no longer a matter of if these breaches will occur, but whether the health care systems are prepared when the breaches occur.
There are three root causes of data breaches: malicious or criminal, system glitches and human error. Most data breaches are malicious or...
