Now that most of the healthcare industry uses electronic health records (EHRs), it is easier than ever for patients and providers to capture, analyze, interpret, and share health data. The importance of electronic data in healthcare also means that preventing data security breaches in healthcare has never been more important.

How can providers respond to data security breaches in healthcare?

From HIPAA/HITECH privacy and security rules to patient privacy, safety, and trust implications, the consequences of security breaches in healthcare can be catastrophic.

There are four easy steps to consider when trying to prevent data security breaches in healthcare:

So how can healthcare providers prevent, detect, and respond to data security breaches effectively?


Prevention is as much about training and awareness as it is about technology. Today, many attempts to obtain private data come through social engineering tactics – emails that convincingly emulate internal communications in order to make a data security breach seamless.

Other strategies include customer service callers pretending to be authorized users, trying to get login information out of a representative, and even direct thefts from data warehouses with lax in-person security.

To this end, it’s essential that healthcare organizations train their teams to be on the lookout for these tactics – and to be aware of unusual computer activity. Slow network connections or a sudden inability to log in may be signs of network intrusions, and staff should know how to report them. You only need to study the biggest data security breaches in healthcare to realize that effective data security requires awareness on the part of everyone, not just IT teams.

Forming a Data Security Breach Prevention Strategy

The next step is to formulate an overall security strategy that doesn’t overemphasize prevention.

Why? It might seem counterintuitive, but the fact is that intrusion techniques and technologies are constantly evolving. Some organizations throw all of their energy into trying to keep up, and then don’t give much thought to how they’d respond if their prevention measures failed.


So when they experience a data security breach, they’re at a loss for what to do – if they’ve detected the breach in the first place. This kind of data security breach can be especially damaging in the healthcare industry because, if prevention measures do fail, a hospital can’t simply shut down – it must find a way to continue providing healthcare.

The difficulty with data security breaches in healthcare is that they can be surreptitious by design and conducted in such a way that organizations might not notice them even after they have occurred. For this reason, it’s important to develop a detection strategy and a set of practices to follow in the case of a data breach.

Human monitoring, whether by an internal IT team or a third party, is the best way to detect and interpret anomalies on a network. High network traffic at odd hours, for example, or unusual numbers of failed login attempts are key indicators. These are the kinds of red flags that security experts can put in context, evaluate for impact, and follow up on in response.
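The two indicators named above, bursts of failed logins and heavy traffic at odd hours, can be pre-filtered for the human analyst. This is an added example, not part of the original article; the log format, account and host names, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample events (not real data): "<timestamp> <kind> <subject> <value>"
SAMPLE_LOG = """\
2024-03-04T09:15:02 login_fail nurse.adams 10.0.4.21
2024-03-04T14:05:00 bytes_out ws-114 800000000
2024-03-05T02:11:00 login_fail svc.backup 10.0.9.77
2024-03-05T02:11:20 login_fail svc.backup 10.0.9.77
2024-03-05T02:11:41 login_fail svc.backup 10.0.9.77
2024-03-05T02:12:03 login_fail svc.backup 10.0.9.77
2024-03-05T02:12:30 login_fail svc.backup 10.0.9.77
2024-03-05T02:20:00 bytes_out ehr-db01 450000000
2024-03-05T02:50:00 bytes_out ehr-db01 250000000
2024-03-05T23:05:00 bytes_out ws-114 20000000
""".splitlines()

# Assumed thresholds; tune them to the organization's own baseline.
FAIL_THRESHOLD, FAIL_WINDOW = 5, timedelta(minutes=10)
BUSINESS_HOURS, OFFHOURS_BYTES = range(7, 19), 500_000_000

def parse(line):
    ts, kind, subject, value = line.split()
    return datetime.fromisoformat(ts), kind, subject, value

def failed_login_bursts(events):
    """Map each account with FAIL_THRESHOLD+ failures in a sliding FAIL_WINDOW to the burst start."""
    by_user = defaultdict(list)
    for ts, kind, user, _ in sorted(events):  # chronological order
        if kind == "login_fail":
            by_user[user].append(ts)
    flagged = {}
    for user, times in by_user.items():
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > FAIL_WINDOW:  # drop failures older than the window
                start += 1
            if end - start + 1 >= FAIL_THRESHOLD:
                flagged[user] = times[start]
                break
    return flagged

def off_hours_traffic(events):
    """Map each host to its outbound bytes outside BUSINESS_HOURS, if over OFFHOURS_BYTES."""
    totals = defaultdict(int)
    for ts, kind, host, value in events:
        if kind == "bytes_out" and ts.hour not in BUSINESS_HOURS:
            totals[host] += int(value)
    return {h: b for h, b in totals.items() if b >= OFFHOURS_BYTES}
EVENTS = [parse(line) for line in SAMPLE_LOG]
```

On the sample data only `svc.backup` and `ehr-db01` are surfaced; the large daytime transfer from `ws-114` and the single mistyped password are left for normal review.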


How, then, should providers respond to data security breaches in healthcare?

Firstly, it’s important to contain the situation immediately. If it’s a data breach in healthcare, this may mean making some quick decisions. Depending on the situation, it may be appropriate to disconnect affected machines from the network, or to leave them connected in order to observe their activities and better understand the nature and scope of the incident.

If your organization does not have the in-house expertise to evaluate and select the appropriate response, it can consider engaging an outside resource such as CyberMaxx, which specializes in incident response and forensics.

For most breaches, organizations will have an obligation to report the data exposure to both consumers and regulators. The incident may result in fines or other penalties, so the organization needs to make sure its legal team is kept up to date on the overall incident and any follow-on actions.

Above all, companies in this position should be direct, clear, and responsive about what has happened, while identifying how the breach occurred, removing any malicious software or means of unauthorized access, and returning to normal operations. Once the situation has passed, companies can reassure users that the network is back to normal and revisit their security strategy to ensure that it is revised in light of the incident.


Data security breaches in healthcare can be disastrous, but if organizations have a comprehensive plan – covering not only prevention but also detection and response – they will be equipped to better protect both themselves and their patients. And if catastrophe does strike, they will be ready to respond effectively, getting back to the business of care as quickly as possible.
