Original Post from BenefitsPro.com

By: Tom Pohl

There are reports of data breaches in the news every week, impacting a range of organizations and industries. These cyberattacks are costing businesses, both large and small, a great deal to resolve — from financial expenses to IT and legal resources to reputation recovery efforts.

According to a new study by the Ponemon Institute, data breaches are costing the health care industry $6.2 billion annually. Nearly 90 percent of health care organizations were victims of a breach in the last two years, raising concern for patients, employees, and others involved in the health care system.

Today, the leading cause of health care data breaches are targeted criminal attacks that seek to place valuable personal information into the hands of malicious actors. The personal information given out to health care organizations can be some of the most valuable to cybercriminals. For example, when enrolling in benefits, the information submitted can include patient names, family history, Social Security numbers, and billing information.

It’s important to also note that not all breaches are malicious. Human error is often a cause of breaches, asCompTia’s International Trends in Cybersecurity report found the 58 percent of security breaches are typically due to human error.

So what can benefits administration technology providers do to keep sensitive data secure from human error and malicious threats?

Conduct extensive user testing on your security systems

Implementing user testing through a third party vendor allows benefits administration technology providers to discover gaps or holes in their security systems. This can be done via a user testing group, which is comprised of individuals trained to discover the predominant methods that cybercriminals would abuse to compromise web-based applications.

The group is given a platform with authorized access and fake scenarios, all set up to act as if the system was running as usual. As these experts go into the system and know what areas to try and hack, the organization is able to develop plans to combat or repair these issues. User testing is similar to proofreading a paper; getting a second set of eyes on a program allows companies to see the full risks of its security system.

Educate employees on cyberthreats

As data breaches become a daily concern for IT departments, educating employees on the risks and dangers of cyberattacks becomes even more of a priority. Benefits administration technology providers need to prioritize educational resources and programs to teach employees how to spot potential cyberattacks, especially as they are handling their customers’ private information.

An effective and simple way to train employees on how to spot strange activity can be done via an email phishing awareness campaign. This involves delivering emails to employees with mocked up links or downloadable materials that, if real, would have the potential to open users’ accounts up to cyberattacks. Organizations should also consistently remind its employees to report any suspicious activity and to change their passwords regularly for a more secure system.

Automate processes to reduce the risk of human error

Recently, Google was in the news for a suffered data breach via its benefits provider. Yet the reason for this incident was human error, in which an email sender accidentally sent a document to the wrong contact. Fortunately for Google, the damage was limited, but human error is not always so forgiving.

With automation, benefits administration technology providers have the ability to decrease the chances of sensitive information getting into the wrong hands. This can be done by sending dummy files before sending the actual files to contacts. Another option is to implement triggers on email accounts when certain information is involved. For example, if a file is attached to the email, prompt the sender to confirm it is the correct file before sending. Implementing automation is a key factor in combatting human errors that could increase the risk of a cyberattack, especially when it comes to personal data.

Beware of the insider threat

While public perception is that these attacks result solely from the actions of malicious hackers outside of an organization, insider threats are a growing and serious concern. Vormetric’s 2015 Insider Threat Report reveals that over 90 percent of U.S. organizations believe they are vulnerable to insider threats such as stolen passwords or email spam. In fact, the National Association of Manufacturers released a statement in April 2016 stating the theft of trade secrets has cost businesses $250 billion per year.

Benefits administration technology may want to go a step further to ensure employees are operating in the correct space. Requiring background checks and limiting access to sensitive data will provide an extra level of security for patient, employee, and others’ personal information.