John Shegerian, Co-Founder and Executive Chairman of ERI, the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States, has called the current situation for hospitals and other healthcare organizations fighting to keep their data a “perfect storm.”
“With the massive increases in hardware hacking and cybercrime, the healthcare sector definitely has an uphill battle to fight in terms of protecting its digital data if they are to protect patient privacy and meet all HIPAA regulatory standards,” said Shegerian.
In the second quarter of 2018 alone, 3.15 million patient records were compromised in 142 different healthcare data breaches, according to a recent report from the Protenus Breach Barometer. Plus, 30 percent of these privacy violations involved repeat offenders, indicating that health systems accumulate risk that compounds over time.
“Hardware hacking in particular is an area that an alarming number of organizations are simply not prepared to confront,” added Shegerian. “Even if ‘wiped of data’ in the traditional sense, computers, cell phones, tablets and other devices used in medical scenarios, at the end of their life cycles pose a massive risk. Because the technology that organizations use may contain components that store sensitive information, health-related organizations must take this problem very seriously to avoid exposure and potential HIPAA regulation violations.”
HIPAA covered entities and business associates are now required to implement policies and procedures regarding the disposal and re-use of hardware and electronic media containing patient health information. When developing policies and procedures for the final disposition of hardware and electronic media containing patient data, covered entities and business associates must determine and document the appropriate methods to dispose of hardware, software, and the data itself; and ensure that the data is properly destroyed and cannot be recreated.
“Unfortunately, hackers have become more sophisticated, leading to an urgent need for responsible and fully-integrated ePHI and PHI services,” noted Shegerian. “Outdated hardware has increasingly become the target of choice. It is urgent that outdated devices be replaced – and then responsibly destroyed. Here in the US, that process should be done domestically and should always include complete, physical data destruction. The hardware security issue is significant now on a number of levels because it leads to the wholesale liquidation of private data – which puts healthcare organizations at risk of inadvertently violating HIPAA regulations.”
“With hardware hacking and data theft at an all-time high, and with the enormous amounts of personal and medical data at risk, the healthcare industry has become particularly vulnerable – both in terms of maintaining HIPAA regulatory requirements as well as protecting digital privacy in general,” said Kevin Dillon, ERI Co-Founder, Chief Marketing Officer and Chief Sales Officer. “In short, the healthcare industry needs our PHI disposal services more than ever.”