In the healthcare sector in 2016, hackers will continue to threaten systems and networks - and possibly medical devices - while federal and state regulators expand and refine their data security enforcement activities.
Expect to see in 2016 the discovery of more huge cyberattacks similar to those revealed in 2015 by Anthem Inc. and UCLA Health, while other more common culprits - like lost and stolen unencrypted mobile devices - continue to result in many breaches, HealthcareInfoSecurity Executive Editor Marianne Kolbasuk McGee says in this audio blog.
"If you have such a breach, don't be shocked to get slammed with a corrective action plan and potentially a six- or seven-digit financial penalty, especially if OCR [Department of Health and Human Services' Office for Civil Rights] or a state attorney general investigates the breach and also discovers you've been lax with security risk analysis," McGee says.
In addition to breach investigations, healthcare sector organizations and their business associates must also prepare for the rollout of the next phase of HIPAA compliance audits in 2016.
In the blog, McGee:
- Explains how organizations in the new year should approach risk analysis;
- Addresses how regulators will focus on the security and safety of medical devices; and
- Discusses how OCR's long-overdue launch of its next phase of HIPAA compliance audits will cover healthcare providers and their business associates.
"It's a new year," McGee says, "so it's a good time to replace some old, bad habits with best practices for effectively safeguarding patient data."