Healthcare organizations collect a myriad of personal data about their patients, from health information to Social Security numbers and payment details. Digital transformation has allowed healthcare organizations to collect and store more data about their patients, making information more easily accessible to both patients and other healthcare providers and allowing for more personalized experiences. In fact, according to research from Dell EMC, healthcare organizations saw an increase of 878% in health data collection from 2016 to 2019. While the ability to store and share data has made healthcare delivery more convenient, it has also introduced new cybersecurity threats, and healthcare organizations need to make sure they’re prepared.

In the United States, HIPAA privacy rules protect patients’ sensitive health information such as medical records, but that isn’t the only information healthcare organizations have to worry about guarding. With a growing number of security and privacy laws across the United States, healthcare organizations could be subject to multiple fines if any sensitive information is compromised — and that includes sensitive payment card details.

Quest Diagnostics: The true cost of a data breach

In 2019, medical testing company Quest Diagnostics announced a breach of nearly 12 million patients’ data, making it the second-largest healthcare data breach on record. Sensitive information was exposed, including Social Security numbers, payment details and more. The incident was the result of an attack on one of its partners, third-party billing contractor American Medical Collection Agency. But this wasn’t the first breach for Quest — in 2016, the company agreed to pay nearly $200,000 to settle a breach of 34,000 patient records, and following the 2019 breach, another class action lawsuit was filed against the company seeking at least $5 million in damages.

But there are worse consequences for breaches than lawsuits. Data breaches can erode customer trust long after they are disclosed, resulting in damaged or lost customer relationships. And in the healthcare industry, trust is everything. According to PCI Pal’s research, 21 percent of consumers will stop spending with a company permanently following a breach, and another 62 percent will stop for at least a few months, representing huge potential revenue losses for companies that fall victim to a cybersecurity attack.

How PCI compliance can help

According to research from Carbon Black, personal health information has become the most sought-after information on the Dark Web, and payment details are close behind — bad news for healthcare organizations and their billing providers alike. But there are steps you can take to ensure your patients’ most sensitive information is kept secure. One of the simplest for protecting patients’ payment details is to descope your organization from the requirements of PCI Compliance. Contact PCI Pal today to learn how our secure payment solutions can descope your company so that patients can rest assured their information is in good hands.