The Cyber Tripwire
This blog discusses the inherent cybersecurity risks of running a dental practice. What are the risks, and what can you do to position yourself for success in the hostile cyber environment?
Blog By:
Dan Gavin

Don't Come in Second... or First

2/22/2021 12:08:15 PM
Huge Fine:  Premera Blue Cross is the largest health plan in the Pacific Northwest.  They have the dubious reputation of coming in second.  In this case, they received the second-largest HIPAA fine to date: $6.9 million.  The confidential information of over 10 million people was exposed.

HIPAA:   HIPAA is the Health Insurance Portability and Accountability Act. This law gives patients control over their health information but also requires healthcare providers to limit the use of personal health information and holds providers responsible for any inappropriate disclosure of patient information which includes any type of breach.  All healthcare providers are required by law to be HIPAA compliant.

But Wait, There's More:  Going back to Premera Blue Cross, the consequences did not stop at the fines.  They settled a 30-state lawsuit for $10 million.  But wait, there’s more!  There was a federal class-action lawsuit that they settled for $74 million.  In addition, the Office for Civil Rights (OCR), which levied the fine, required Premera to perform corrective actions on their cybersecurity strategy.  They were also monitored for two years.

Everybody is Included:  These consequences are not isolated to large companies. Small and medium-sized businesses have breaches and get fined by the OCR, too.  The difference is the size of the fallout.  The problem is that most small businesses can’t survive the fines and lawsuits.  Breaches can happen to any organization.  Actually, before the breach, Premera was warned about their vulnerabilities.  Premera thought, “It can’t happen to us,” but it did.

If you are in the healthcare sector, you can protect yourself.  Providers are required by HIPAA to do a risk assessment.  This assessment is the baseline to develop a cybersecurity strategy.  It includes a data, software, and hardware inventory because you have to know what you have in order to protect it.    Policies need to be developed and implemented.  Contingency plans need to be created and tested.  Physical security is also a part of it.  Of course, there are the technical cybersecurity aspects of protection like firewalls, anti-malware, encryption of data, and endpoint detection.  You should get a cybersecurity professional to assist with your cyber strategy.  Your IT department is focused on functionality, not security.  Have a cybersecurity expert help.
Training:  Of course, you can implement physical constraints, administrative policies, and technical measures like those listed above and still have a breach if users are not educated and trained.  Training is one of the best defenses organizations can have against hackers.  The best training comes in small “bytes,” about three to five minutes every week or two, to keep phishing and safe browsing at the top of employees’ minds. It is money well spent.

Transfer the Risk:  Healthcare providers also have the option to transfer the risk of a breach through cyber insurance.  If you were in a flood plain, you would get flood insurance.  Since you are in the cyber world, you should have cyber insurance. The healthcare sector has more vulnerabilities to be concerned about than many other sectors.  Every healthcare provider should look into cyber insurance because you can’t beat the odds forever.

Industry Best Cyber Practices:  According to, 69% of investigations result in corrective action (and fines). If your organization has a breach, the OCR will investigate, but if you are using “industry best practices” and have a solid cybersecurity strategy, you can avoid the fines and monitoring that Premera experienced. 