Health Data Breach Tally Update: 2020 Trends
Email-Related Incidents Continue to Dominate, But Other Breaches Still Popping Up
… Among important steps is conducting a risk assessment of business associates and vendors, says Tom Walsh, president of the consultancy tw-Security.
“The assessment should focus on prevailing safeguards and controls for data privacy and information security rather than on HIPAA compliance,” he notes. “The assessment should include validation of selected controls, which could be achieved through screen shots or sharing of desktops. Most teleconferencing tools allow for screen sharing.”
Also, when selecting a business associate or a vendor, Walsh says, “keep in mind that ‘low bid’ may not always produce the best results in the long run. Companies that are the lowest bid may be running the organization on a tight budget – therefore, not allocating the funds needed to secure and protect a covered entity’s data.”
Walsh says one of the most important steps that entities can take to help avoid falling victim to phishing schemes and other email-related breaches is implementing multifactor authentication.
“There is a lot of PHI and personally identifiable information that is passed through email,” he notes. “Most often, organizations think that their internal email is secure – which is true while working within the confines of their facility. However, today’s web technology allows access to email from any device, from anywhere, at any time. That’s fine, as long as the access is through secure, multifactor authentication.”