No company is immune to data breaches, regardless of size. Protecting sensitive and regulated data has many facets, and in this case, a crucial one has fallen. Based on what we’ve learned from news sources such as the Detroit Free Press, a breach of a Detroit-based mailing service may have exposed the personal information of 600,000 medical patients.
Since the mailing company, called Wolverine Solutions Group, is a vendor to multiple different healthcare organizations, they are a prime target for hackers. According to the press, the following organizations were confirmed impacted:
- Beaumont Health
- Covenant HealthCare
- Blue Cross Blue Shield of Michigan
- McLaren Health Care
- Three Rivers Health
- North Ottawa Community Health System
- Warren General Hospital
- and the University of Pittsburgh Medical Center Kane
The sheer scale of what the intruders were able to accomplish is key to pay attention to here. Here are some key takeaways:
We share valuable information on our blog, and we want to make sure you get it while it's hot. Subscribe for a monthly summary of our new free tips!
You have Successfully Subscribed!
Providers need to choose their partners wisely
If you’re a medical provider or any other trusted guardian of sensitive data, you need to choose your partners carefully. They should always be screened to ensure that they have comprehensive cybersecurity and compliance programs in place. Further, your company’s cybersecurity practice should include routinely auditing your partners and vendors to ensure that they are always meeting your cybersecurity standards.
Partners need to ensure their cybersecurity programs are up to snuff
All companies that handle any personal data about individuals should take care in protecting it. If you handle regulated PII or ePHI (HIPAA) data, you need to be even more concerned. Cybersecurity and compliance are ever-changing items that are very difficult to keep up with. Your organization should have effective cybersecurity and compliance programs that keep up and include:
- RIsk assessments completed no less than annually that go over both the technical and operational requirements of your compliance standard
- A risk remediation plan based on the finding of each risk assessment
- A comprehensive, diverse, and multi-layered suite of cybersecurity tools designed to protect from intrusion at all angles
- Clear documentation on policies and procedures, understood by your team
- Regular, digestible cybersecurity training programs that keep your team able to respond to modern threats
If you’re worried that your compliance program isn’t up to snuff, get in touch with us right now about Stellar IT Comply – our comprehensive Managed IT and Consulting service for compliance sensitive entities.