Health Care Data Breaches Jumped 55% in 2020

Health Care Data Breaches Jumped 55% in 2020

Health Care Data Breaches Jumped 55% in 2020

Health care data breaches and cyber events cost an estimated $13 billion and increased by 55% in 2020, according to a new report that found it takes an average of 236 days for health care firms to recover from breaches.

Cloud security firm Bitglass analyzed data from the U.S. Department of Health and Human Services to find that hacking and IT incidents were the top sources of compromise and lost records last year, causing over 67% of all breaches. The number of data breaches jumped to 599 from 386 in 2019, and the average cost per breached record rose to $499—up from $429.

According to the report, hacking and IT incidents have increased significantly since 2018, causing 91.2% of all breached health care records. During the same period, loss/theft and unauthorized disclosure have remained steady as less-frequent occurrences.

Health Care Cyber Security

“In 2014, lost and stolen devices were the leading causes of security breaches in health care, while hacking and IT incidents were the least common causes,” according to Bitglass. “Today, things have essentially inverted. Each year since 2015, hacking and IT incidents have been exposing more records than any other breach type. These results demonstrate the heightened impact of cybersecurity breaches, the shifting strategies of malicious actors and how health care organizations are grappling with cybersecurity.”

California led the nation in breaches at 49 health care cyber breaches, followed by Texas at 43, New York at 39, and Pennsylvania and Florida at 38. Many of the health care cyber breaches occurring in 2020 were a byproduct of the Blackbaud ransomware attack.

The Department of Health and Human Services (HHS) Office for Civil Rights maintains a tally of reported health care breaches, with 47 new events occurring since Jan. 1. The 32 events reported in January 2021 were well below the 62 reported in December 2020, according to an analysis conducted by the HIPAA Journal. One of those January breaches occurred at the Florida Healthy Kids Corporation due to unpatched software vulnerabilities at a third-party IT vendor. The breach is estimated to have occurred over a seven-year period, involving names, birthdates, email addresses, telephone numbers, addresses, Social Security numbers, insurance information and significant financial information.

Medical Office Insurance

Cybersecurity for hospitals and health care organizations remained a key theme of 2020, as providers struggled to keep pace with both the COVID-19 pandemic and cyber threats.

The HHS numbers do not necessarily capture the full picture of ransomware’s impact on hospitals around the world and, in the last quarter of 2020, the threat only worsened, according to a report from Check Point. The trend is not isolated to the United States—two French hospitals recently fell victim to ransomware.

Since November 2020, Check Point observed a 45% increase in attacks against health care organizations around the world compared to a 22% increase against other sectors. While attacks also include botnets, DDoS and other hacks, ransomware is showing the biggest increase, according to the firm, with the Ryuk ransomware strain particularly prevalent.

The major motivation for threat actors with these attacks is financial. They are looking for large amounts of money, and fast.

“It seems that these attacks have paid off very well for the criminals behind them over the past year, and this success has made them hungry for more,” according to Check Point. “It is also important to note that unlike common ransomware attacks—which are widely distributed via massive spam campaigns and exploit kits—the attacks against hospitals and health care organizations using the Ryuk variant are specifically tailored and targeted.”

California’s Leader in Insurance and Risk Management

As one of the fastest-growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more. The GDI team has developed an “insurance cost reduction” quoting plan, that provides you with the best coverage at the best rate!

We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley, Northern California and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our client’s expectations in every interaction to make sure that our client’s know how much we value and appreciate their business.

Contact us today 1-209-634-2929 for your comprehensive healthcare office insurance quote!

Physical Therapy Going High-Tech

Physical Therapy Going High-Tech

Physical Therapy Going High-Tech

Traditional physical therapy is being challenged by an aging population, an aging working population, on-demand expectations of consumers, and patient accessibility issues. The good news is technology is making PT much easier to deliver and tailor to the changing preferences of patients. But with that technology comes different risks that you’ll need to consider as you accommodate your clientele. What you need to know about physical therapy going high-tech during the pandemic.

Heightened awareness of the dangers of pain medications, especially opioids, and the expansion of many health insurance programs to include physical therapy as a covered treatment for chronic pain could increase business at your PT practice. As welcome as a growing clientele is, it comes with new demands for nontraditional treatment methods, including telemedicine, virtual reality therapies and in-home care. Some practices are using a combination of all three!

Depending on the technology you choose, you may need to reassess your professional liability, workers’ compensation insurance and commercial auto insurance policies as well as your overall employee training and safety measures. Let’s look at a few of the tech-enabled therapy options and their associated risks.

Physical therapy going high-tech

Telemedicine and Physical Therapy

Telehealth — medical service provided by telephone — isn’t generally reimbursable for physical therapists under Medicare and Medicaid, so providers must be very careful about furnishing telemedicine to patients covered under those programs.

For patients in group health plans or other commercial insurance, payment varies as do permissible treatments and locations of treatment, so check with the payer before initiating services, according to the American Physical Therapy Association.

That said, school districts have, since the shutdown due to COVID-19, been looking for ways to provide special education students with occupational and physical therapy remotely. Other institutions have sought similar remote access to services.

In April 2020, the Centers for Medicare and Medicaid Services (CMS) temporarily changed rules governing home health agencies’ use of telehealth, allowing for expanded use of and reimbursement for telephonic physical therapy. But you must verify that these regulatory waivers are still in place and that your particular services and patients qualify.

Those physical therapists working via telephone should do a full assessment of the professional services liability exposures they may have, such as misdiagnosis, accessibility issues for those with hearing or speech problems, and verification of a patient’s comprehension of the therapist’s instructions.

Your practice should also work with your insurance professional to ensure your professional liability insurance covers telehealth. Additionally, it’s possible your practice will need to develop liability and informed consent clauses or forms for your clients to sign.

Virtual Reality Therapies

Physical therapists often spend a substantial amount of time coaching patients past mental and emotional barriers that block initiation of or progress in recovery. Virtual reality tools can help them overcome those obstacles by immediately engaging them in a gamified world that eliminates the distractions and fears of interpersonal relationship building and trust.

For example, patients who enter therapy believing they can’t perform certain daily tasks, like making a bed or buying groceries, are frequently willing to try these activities in virtual reality (VR) mode much sooner than in the real world. Through VR, they find — in the privacy of their home or therapist’s office — that they can accomplish movement or endeavors they thought were not possible.

Important to note are the risks that can be involved in VR and gaming. A neurological assessment and coordination with other caregivers can provide crucial contraindications or impediments that should be considered.

Online Consultations

More online physical therapists are cropping up each week. They use videoconferencing, online coaching, apps that track recovery, and emailed exercises. The typical program begins with a clinical assessment (some done online), followed by a classification or diagnosis, a treatment plan, and some sort of monitoring and follow-through to gauge progress or completion of the regimen.

If equipment is needed, the therapist provides the prescription and resources, most of which can be ordered online. It’s important to check with the patient’s insurer to ascertain requirements for payment, because many mandate some in-person contact between the patient and the clinician, even if treatment will be delivered online. And, as always, the therapist’s insurance contract must be reviewed to assure that the firm’s professional liability coverage applies to online services.

A cyber risk insurance policy that includes business income loss will also be important for therapists working online. Breach of patient data and a shutdown of provider computer networks can generate expensive claims.

Physical therapy going high-tech

In-home Care for Physical Therapy Going High-tech

While CMS rules limit payment for in-home physical therapy to patients meeting very specific criteria, many insurers are more liberal. It may even be possible to conduct therapy in a person’s office or other institutional setting. And, of course, many senior-living residences and nursing homes routinely contract with physical therapists for on-site visits.

Whenever your employees conduct out-of-office treatment, you must be aware of the potential risks that differ from those for in-office care. Injury to and illness of your therapists caused by animals, obstacles and other humans are a specific safety concern that should be discussed with your workers’ compensation insurance professional. Special training may be required to avoid harm. If any employees begin crossing state lines to serve a patient, that will require an adjustment to your workers comp policy.

You’ll also bear greater responsibility for employee travel, even if they use their own vehicle. A commercial auto policy can be written to cover both company cars and the use of private automobiles, so be sure your insurance doesn’t have gaps for what are termed “non-owned vehicles.”

And since therapists will likely carry company equipment with them when visiting patients, you should consider an inland marine insurance policy so gear that is stolen, damaged or lost in transit has coverage.

Other Tech Aids for Physical Therapy Going High-tech

Remember that technology in your office supports your mobility and accessibility. That includes computer systems that store and crunch data as well as communications networks, video recorders, and virtual reality goggles and implements.

Your business continuity and disaster response plans should reflect your technological capabilities and loss exposures. With all systems and protections in place, your therapists should be able to reach an ever-wider clientele — safely for all.

California’s Leader in Insurance and Risk Management

As one of the fastest-growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more. The GDI team has developed an “insurance cost reduction” quoting plan, that provides you with the best coverage at the best rate!

We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley, Northern California and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our client’s expectations in every interaction to make sure that our client’s know how much we value and appreciate their business.

Contact us today 1-209-634-2929 for your comprehensive physical therapy insurance quote!

Cleaning and Disinfection of Households Amid COVID-19

Cleaning and Disinfection of Households Amid COVID-19

Cleaning and Disinfection of Households Amid COVID-19

This guidance provides recommendations on the cleaning and disinfection of households where persons under investigation or those with confirmed COVID-19 reside or may be in self-isolation. These guidelines are focused on household settings and are meant for the general public.

This article compiles expert guidance from the Centers for Disease Control and Prevention (CDC).

Important terms to know:

  • Cleaning refers to the removal of germs, dirt and impurities from surfaces. It does not kill germs, but by removing them, it lowers their numbers and the risk of spreading infection.
  • Disinfecting refers to using chemicals, for example, EPA-registered disinfectants, to kill germs on surfaces. This process does not necessarily clean dirty surfaces or remove germs, but by killing germs on a surface after cleaning, it can further lower the risk of spreading infection.
Cleaning and Disinfection of Households

General Recommendations for Routine Cleaning and Disinfection of Households

Community members can practice routine cleaning of frequently touched surfaces (for example: tables, doorknobs, light switches, handles, desks, toilets, faucets, sinks and electronics (see below for special electronics cleaning and disinfection instructions) with household cleaners and EPA-registered disinfectants that are appropriate for the surface, following label instructions. Labels contain instructions for safe and effective use of the cleaning product including precautions you should take when applying the product, such as wearing gloves and making sure you have good ventilation during use of the product.

For electronics, follow the manufacturer’s instructions for all cleaning and disinfection products. Consider use of wipeable covers for electronics. If no manufacturer guidance is available, consider the use of alcohol-based wipes or spray containing at least 70% alcohol to disinfect touch screens. Dry surfaces thoroughly to avoid pooling of liquids.

General Recommendations for Cleaning and Disinfection of Households With People Isolated in Home Care (e.g., Suspected/Confirmed to Have COVID-19)

Household members should educate themselves about COVID-19 symptoms and preventing the spread of COVID-19 in homes. CDC recommendations include:

  • Clean and disinfect high-touch surfaces daily in household common areas (e.g. tables, hard-backed chairs, doorknobs, light switches, phones, tablets, touch screens, remote controls, keyboards, handles, desks, toilets and sinks).
    • In the bedroom/bathroom dedicated for an ill person: Consider reducing cleaning frequency to as-needed (e.g., soiled items and surfaces) to avoid unnecessary contact with the ill person.
  • As much as possible, an ill person should stay in a specific room and away from other people in their home, following home care guidance.
  • The caregiver can provide personal cleaning supplies for an ill person’s room and bathroom, unless the room is occupied by child or another person for whom such supplies would not be appropriate. These supplies include tissues, paper towels, cleaners and EPA-registered disinfectants (see examples).
  • If a separate bathroom is not available, the bathroom should be cleaned and disinfected after each use by an ill person. If this is not possible, the caregiver should wait as long as practical after use by an ill person to clean and disinfect the high-touch surfaces.
  • Household members should follow home care guidance when interacting with persons with suspected/confirmed COVID-19 and their isolation rooms/bathrooms.
  • Wear disposable gloves when cleaning and disinfecting surfaces. Gloves should be discarded after each cleaning. If reusable gloves are used, those gloves should be dedicated for cleaning and disinfection of surfaces for COVID-19 and should not be used for other purposes. Consult the manufacturer’s instructions for cleaning and disinfection products used. Clean hands immediately after gloves are removed.
Cleaning and Disinfection of Households

Cleaning and Disinfection of Households Hard (Nonporous) Surfaces

  • Wear disposable gloves when cleaning and disinfecting surfaces. Gloves should be discarded after each cleaning. If reusable gloves are used, those gloves should be dedicated for cleaning and disinfection of surfaces for COVID-19 and should not be used for other purposes. Consult the manufacturer’s instructions for cleaning and disinfection products used. Clean hands immediately after gloves are removed.
  • If surfaces are dirty, they should be cleaned using a detergent or soap and water prior to disinfection.
  • For disinfection, most common EPA-registered household disinfectants should be effective.
    • A list of products that are EPA-approved for use against the virus that causes COVID-19 is available here. Follow manufacturers’ instructions for all cleaning and disinfection products  (e.g., concentration, application method and contact time).
    • Additionally, diluted household bleach solutions (at least 1,000 ppm sodium hypochlorite, or concentration of 5%–6%) can be used if appropriate for the surface. Follow manufacturers’ instructions for application, ensuring a contact time of at least one minute, and allowing proper ventilation during and after application. Check to ensure the product is not past its expiration date. Never mix household bleach with ammonia or any other cleanser. Unexpired household bleach will be effective against coronaviruses when properly diluted.
  • Prepare a bleach solution by mixing:
    • 5 tablespoons (1/3 cup) bleach per gallon of room temperature water, or
    • 4 teaspoons bleach per quart of room-temperature water.
  • Bleach solutions will be effective for disinfection up to 24 hours.

How to Clean and Disinfect Soft (Porous) Surfaces

For soft (porous) surfaces such as carpeted floor, rugs and drapes, remove visible contamination if present and clean with appropriate cleaners indicated for use on these surfaces. After cleaning, launder items as appropriate in accordance with the manufacturer’s instructions. If possible, launder items using the warmest appropriate water setting for the items, and dry items completely.

Cleaning and Disinfection of Households

How to Clean and Disinfect Electronics

For electronics such as cellphones, tablets, touch screens, remote controls and keyboards, remove visible contamination if present.

Other recommendations include:

  • Follow the manufacturer’s instructions for all cleaning and disinfection products.
  • Consider the use of wipeable covers for electronics.
  • If no manufacturer guidance is available, consider the use of alcohol-based wipes or sprays containing at least 70% alcohol to disinfect touch screens. Dry surfaces thoroughly to avoid pooling of liquids.

How to Clean and Disinfect Linens, Clothing and Other Items That Go in the Laundry

Wear disposable gloves when handling dirty laundry from an ill person, and then discard after each use. If using reusable gloves, those gloves should be dedicated for cleaning and disinfection of surfaces for COVID-19 and should not be used for other household purposes. Clean hands immediately after gloves are removed.

Here is additional guidance:

  • If no gloves are used when handling dirty laundry, be sure to wash hands afterwards.
  • If possible, do not shake dirty laundry. This will minimize the possibility of dispersing the virus through the air.
  • Launder items as appropriate in accordance with the manufacturer’s instructions. If possible, launder items using the warmest appropriate water setting for the items, and dry items completely. Dirty laundry from an ill person can be washed with other people’s items.
  • Clean and disinfect clothes hampers according to guidance above for surfaces. If possible, consider placing a bag liner inside that is either disposable (can be thrown away) or can be laundered.
Cleaning and Disinfection of Households

Hand Hygiene and Other Preventive Measures

Household members should clean hands often, including immediately after removing gloves and after contact with an ill person, by washing hands with soap and water for 20 seconds. If soap and water are not available and hands are not visibly dirty, an alcohol-based hand sanitizer that contains at least 60% alcohol may be used. However, if hands are visibly dirty, always wash hands with soap and water.

Household members should follow normal preventive actions while at work and home, including recommended hand hygiene and avoiding touching eyes, nose and mouth with unwashed hands.

Additional key times to clean hands include:

  • After blowing one’s nose, coughing or sneezing
  • After using the restroom
  • Before eating or preparing food
  • After contact with animals or pets
  • Before and after providing routine care for another person who needs assistance (e.g., a child)

Other considerations:

  • The ill person should eat/be fed in their room, if possible. Non-disposable food service items used should be handled with gloves and washed with hot water or in a dishwasher. Clean hands after handling used food service items.
  • If possible, dedicate a lined trash can for the ill person. Use gloves when removing garbage bags, and handling and disposing of trash. Wash hands after handling or disposing of trash.
  • Consider consulting with your local health department about trash disposal guidance, if available.
GDI Insurance

California’s Leader in Insurance and Risk Management

As one of the fastest growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more. The GDI team has developed an “insurance cost reduction” quoting plan, that provides you with the best coverage at the best rate!

We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley, Northern California and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our client’s expectations in every interaction to make sure that our client’s know how much we value and appreciate their business.

Contact us today 1-209-634-2929 for your comprehensive insurance quote!

Cyber Security Threats to Medical Offices

Cyber Security Threats to Medical Offices

Cyber Security Threats to Medical Offices

Cyber security threats to medical offices, health care organizations and patient safety are real. Health information technology, which provides critical life-saving functions, consists of connected, networked systems and leverages wireless technologies, leaving such systems more vulnerable to cyber-attack. Recent highly publicized ransomware attacks on hospitals, for example, necessitated diverting patients to other hospitals and led to an inability to access patient records to continue care delivery. These cyber-attacks expose sensitive patient information and lead to substantial financial costs to regain control of hospital systems and patient data. From small, independent practitioners to large, university hospital environments, cyber-attacks on health care records, IT systems, and medical devices have infected even the most hardened systems.

Medical Offices and Health Care Organizations Need To Make Cyber Security a Priority

Given the increasingly sophisticated and widespread nature of cyber-attacks, the health care industry must make cyber security a priority and make the investments needed to protect its patients. Like combating a deadly virus, cyber security requires mobilization and coordination of resources across myriad public and private stakeholders, including hospitals, IT vendors, medical device manufacturers, and governments (state, local, tribal, territorial, and federal) to mitigate the risks and minimize the impacts of a cyber-attack. The U.S. Department of Health and Human Services (HHS) and the Health Care and Public Health (HPH, Health Sector, Health Care Industry) sector are working together to address these challenges. Cyber security threats to medical offices happen more often then you think.

Biggest Cyber Security Threats To Medical Offices and Health Care Organizations

Being aware of cyber security threats to medical offices can be helpful in the fight against data breaches.

  • E-mail phishing attacks
  • Ransomware attacks
  • Loss or theft of equipment or data
  • Insider, accidental or intentional data loss
  • Attacks against connected medical devices that may affect patient safety

Download our Health Industry Cyber Security Practices Guide

Health Care Cyber Security

This guide reviews:

  • E-mail protection systems
  • Endpoint protection systems
  • Access management
  • Data protection and loss prevention
  • Asset management
  • Network management
  • Vulnerability management
  • Incident response
  • Medical device security
  • Cyber security policies

The entire publication considers the recommendations made by HHS divisions including, but not limited to, the Assistant Secretary for Legislation, the Assistant Secretary for Public Affairs, the Assistant Secretary for Preparedness and Response, the Centers for Medicare and Medicaid Services, the Food and Drug Administration, the Office for Civil Rights, the Office of the Chief Information Officer, the Office of the General Counsel, the Office of the Inspector General, and the Office of the National Coordinator for Health Information Technology, as well as guidelines and practices from DHS and NIST

Why Should You Worry About Cyber Security and Take Action Now?

cyber security threats to medical offices

Health care organizations are committed to providing the very best care to their patients. While the thought of risking patient safety to a cyber-attack is terrifying for any health care professional, it can be difficult to justify investments in cyber security when there are pressing opportunities to invest in equipment, materials, training, and personnel, which more visibly relate to patient care. Cyber security threats to medical offices need your attention

According to a study from IBM Security and the Ponemon Institute, the cost of a data breach for health care organizations rose from $380 per breached record in 2017 to $408 per record in 2018.8 Across all industries, health care has the highest cost for data breaches.

Most health care personnel are experts at identifying and eradicating viruses in patients, not computers. Cyber security has expanded the scope of patient wellness to include protecting the technology, networks, and databases that enable uninterrupted and accurate patient care. This includes securing computer systems, protecting data and training personnel to be cyber-vigilant.

Cyber attacks disrupt health care personnel’s ability to provide life-changing and life-saving capabilities.

Cyber security threats to medical offices

Can a Cyber Attack Happen To My Medical Office?

It is tempting for those who own a health care practice or are part of a small-to-medium–sized health care organization to think that cyber attacks only affect large hospitals and health care organizations. The reality is that cyber-attacks are indiscriminate and adversely affect healthcare practices of every size and specialization. The IBM X-Force Threat Intelligence Index 2017, a recent study designed to track cyber security incidents around the globe, identified the top-targeted cyber attack industries, stating: “It is worth noting that the health care industry, which fell just outside the top five in terms of records breached, continued to be beleaguered by a high number of incidents. However, attackers focused on smaller targets, resulting in a lower number of leaked records in that industry.”

Cyber security threats to medical offices

The “smaller targets” mentioned in the report may include small or medium-sized organizations. Hackers look for targets that require the least time, effort, and money to exploit. Do not make the mistake of thinking that your practice, no matter how small, is not a target for indiscriminate cyber-attacks. Malicious actors will always exist. Whether you are a small-practice physician or the chief information security officer (CISO) of a large health care entity, your job is to make it difficult for these attackers to succeed.

GDI Insurance Agency, Inc.

California’s Leader in Insurance and Risk Management

As one of the fastest growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more.

We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley, Northern California and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our client’s expectations in every interaction to make sure that our client’s know how much we value and appreciate their business. Contact us today 1-209-634-2929 for your comprehensive medical office insurance quote!