Trust is Key in Healthcare – You Can’t Afford a Breach

Healthcare organizations collect a myriad of personal data about their patients, from health information to social security numbers and payment details. Digital transformation has allowed healthcare organizations to collect and store more data about their patients, making information more easily accessible to both patients and other healthcare providers while allowing for more personalized experiences. In fact, according to research from Dell EMC, healthcare organizations saw an increase of 878% in health data collection over a three-year time period. While the ability to store and share data has made healthcare delivery more convenient, it has also introduced new cybersecurity threats, and healthcare organizations need to make sure they’re prepared.

In the United States, HIPAA privacy rules protect patients’ sensitive health information such as medical records, but that isn’t the only information healthcare organizations have to worry about guarding. With increasing security and privacy laws across the United States, healthcare organizations could be subject to multiple fines if any sensitive information is compromised — and that includes sensitive payment card details. Many states are now implementing their own regulations for data privacy, and the rest of the US will continue to follow suit.

Quest Diagnostics: The true cost of a data breach

We see healthcare organizations suffer the cost of data breaches all too regularly. For example, medical testing company Quest Diagnostics announced a breach of nearly 12 million patients’ data, making it the second largest healthcare data breach on record. Sensitive information was exposed including social security numbers, payment details, and more. The incident was the result of an attack on one of their partners, third-party billing contractor American Medical Collection Agency. But this wasn’t the first breach for Quest — in 2016, the company agreed to pay nearly $200,000 to settle a breach of 34,000 patient records, and following the 2019 breach, another class-action lawsuit was filed against the company seeking at least $5 million in damages.

But there are worse consequences for breaches than lawsuits. Data breaches can erode customer trust long after they are disclosed, resulting in damaged or lost customer relationships. And in the healthcare industry, trust is everything. According to PCI Pal’s research, 21 percent of consumers will stop spending with a company permanently following a breach, and another 62 percent will stop for at least a few months, representing huge potential revenue losses for companies that fall victim to a cybersecurity attack. Consumers are looking for organizations to be held accountable and to take a proactive responsibility in protecting the data required of them to provide. Building patient or customer trust begins with having the right strategy in place.

How PCI compliance can help

According to research from Carbon Black, personal health information has become the most sought after information on the Dark Web, and payment details are close behind — bad news for healthcare organizations and their billing providers alike. But all hope is not lost. There are steps you can take to ensure your patients’ most sensitive information is kept secure. One of the most straightforward and recommended ways for protecting patients’ payment details is to descope your organization from the requirements of PCI Compliance. Descoping ensures that in case of a breach, patients’ sensitive information is never stored, meaning it cannot be compromised. Dive deeper into descoping here, or take the next step and contact PCI Pal today to learn how our secure payment solutions can descope your company so that patients can rest assured their information is in good hands.