GDPR has been the trigger for highlighting the different types of data that businesses hold on individuals. Detailed PII is critical to running a successful healthcare practice. Do you know the importance of the data that you hold?
The different types of personally identifiable information
Personally identifiable data is any information specific to an individual that anyone could use to identify them. There are three types of data that a healthcare practice will hold.
General – This is likely the most common type of data that businesses hold. It includes information such as names, email, address, and perhaps driver’s licence and passport numbers.
Personal financial information – Financial data is highly significant to each of us. Losing this data can cause significant distress and lead to huge losses. It includes bank account and credit card details, and details of transactions that identify the source and recipient.
Personal sensitive information – This is often information about an individual that cannot be changed, which makes it highly lucrative to cyber criminals. Healthcare practices will likely hold a lot of sensitive information, such as medical history, physical and mental health, and NHS ID. It could also include race, religion, sexual orientation and criminal convictions.
Why is sensitive data so important?
While it is clearly important to keep general and financial information of individuals safe from cyber criminals, sensitive data is in fact even more important.
Although details of credit cards and bank accounts could lead to significant losses for someone, once you have put a stop to the fraud you can change all your banking details. However, with medical records this is not the case. You can’t simply change your history. This is what makes Cyber attacks on medical and dental practices worthwhile for hackers.
How protected is your healthcare practice?
Dental and medical practice owners have the huge task of keeping their practices running smoothly. While many practices are good at maintaining IT security and implementing patches, the weakest link in the chain is still people.
According to the government’s Cyber Security Breaches Survey 2019, phishing attacks and impersonation of an organisation in email or online are the two top Cyber threats to businesses today.
The risks of a Cyber attack
The threat of an attack is far reaching. Risks include:
- Financial losses for you and patients
- Investigations and fines from regulatory bodies
- Potential legal action
- Reputational damage
- Time spent on reporting and fixing issues relating to a breach
- Loss of patients
With losses from Cyber attacks continuing to rise, healthcare practices need full protection: both IT security and good internal practices.
Cyber liability insurance
While you may have in place good IT security and risk management processes within your practice or group, no system is perfect – and Cyber hackers are developing new techniques all the time.
Choosing a good Cyber liability policy that has been designed specifically for the healthcare industry will provide you with the tools needed to mitigate risks, and the support required in the unfortunate event of a breach.
Find out more about Cyber insurance to protect your practices financially in the event of a breach.