Cybersecurity is a pressing topic in the healthcare industry, largely because of recent cyberattacks and the potentially catastrophic consequences of health information being exposed or made unavailable. Over the past five years, the Department of Health and Human Services’ Office for Civil Rights has tracked a 256% increase in large data breaches involving hacking and a 264% jump in ransomware, malware that denies users access to their data until a ransom is paid [1].


A recent cyberattack on a major healthcare organization caused a weeks-long shutdown that disrupted pharmacy and provider operations: medical groups were unable to process or receive payments from insurers and patients, creating significant financial strain and a large backlog of prescriber requests [1]. Direct primary care (DPC) practices were not heavily affected by this particular attack, but it is a clear wake-up call that cyberattacks are on the rise and that protocols must be in place to protect sensitive patient data.

Compliance Assurance for Direct Primary Care Physicians 

Cyberattacks put patient safety at risk and affect the surrounding communities that depend on local emergency departments, radiology units, and cancer centers for life-saving care [2]. To reduce the likelihood of attacks and breaches, healthcare companies and practices must conduct regular self-assessments of their HIPAA compliance and security controls. Hint Health recently took this annual assessment a step further by hiring a third-party assessor to audit all of its security controls and systems and produce an independent report.


The voluntary audit substantiated that the healthcare requirements protecting patients and the business of providing care are strictly followed at Hint. All Hint devices are encrypted at rest and data is encrypted in transit; access to production systems is granted through role-based access control (RBAC); endpoint devices are monitored in real time by a mobile device management (MDM) platform; and all access grants are reviewed monthly, more often than the quarterly cadence the assessment calls for, to catch unauthorized or stale access across all platforms. The third-party audit underlines Hint’s strong advocacy and investment in cybersecurity and HIPAA compliance.
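The monthly access review described above is, in practice, a reconciliation: every live grant in the IAM or SSO export is compared against the HR roster and the permissions each role is approved to hold, and anything that does not line up is a finding. The script below is an added example of that reconciliation, not Hint Health's own tooling; the roster, role definitions, and IAM export are constructed for illustration and every name in them is hypothetical.

```python
"""Monthly access review: reconcile live access grants against the approved
RBAC roster and flag anything that should not be there.

Added example (not Hint Health's code). All data below is constructed for
illustration; real input would come from an IAM/SSO export and the HR roster.
"""
from dataclasses import dataclass

# Constructed approved roster: role -> set of (system, permission) the role may hold.
ROLE_PERMISSIONS = {
    "engineer": {("prod-db", "read"), ("prod-app", "deploy")},
    "support": {("prod-app", "read")},
    "billing": {("billing-portal", "read"), ("billing-portal", "write")},
}

# Constructed HR roster: user -> (role, still employed?)
HR_ROSTER = {
    "alice": ("engineer", True),
    "bob": ("support", True),
    "carol": ("billing", False),  # terminated last month, account should be gone
}

# Constructed IAM export: each live grant as (user, system, permission).
IAM_EXPORT = [
    ("alice", "prod-db", "read"),
    ("alice", "prod-app", "deploy"),
    ("bob", "prod-app", "read"),
    ("bob", "prod-db", "read"),  # exceeds what the support role is approved for
    ("carol", "billing-portal", "write"),  # terminated user still holds access
    ("svc-backup", "prod-db", "read"),  # account unknown to HR: needs an owner
]


@dataclass(frozen=True)
class Finding:
    user: str
    system: str
    permission: str
    reason: str


def review_access(iam_export, hr_roster, role_permissions):
    """Return one Finding per grant that is not justified by the roster.

    Checks, in order: the account exists in HR, the person is still active,
    and the (system, permission) pair is within their approved role.
    """
    findings = []
    for user, system, permission in iam_export:
        if user not in hr_roster:
            findings.append(Finding(user, system, permission, "unknown account"))
            continue
        role, active = hr_roster[user]
        if not active:
            findings.append(Finding(user, system, permission, "terminated user"))
            continue
        if (system, permission) not in role_permissions.get(role, set()):
            findings.append(
                Finding(user, system, permission, f"exceeds role '{role}'")
            )
    return findings


if __name__ == "__main__":
    for f in review_access(IAM_EXPORT, HR_ROSTER, ROLE_PERMISSIONS):
        print(f"{f.user:12} {f.system:16} {f.permission:8} {f.reason}")
```

Each finding maps to a concrete action: an unknown account needs a named owner or removal, a terminated user's grants are revoked immediately, and a grant that exceeds the role is either removed or the role definition is updated through change control. Keeping the approved role definitions in version control makes the review repeatable month to month.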


Partnering for Success: Proactive Measures by Hint 


At Hint, clients and their patients are paramount; meticulous processes and procedures are in place for DPC physicians, so that they and their patients can be sure health data is secure. 


“Our clients can be confident that we are meeting HIPAA regulations and their data is safe with us; beyond our own promises, we have an outside party verifying and ensuring that, and we have controls in place to secure data, and notify of any potential security incidents, should that arise.”

– VuDangTran, Head of IT Security at Hint Health

Security breaches often mean major monetary fines and can devastate a business, especially a small or medium-sized practice, even forcing closure if cybersecurity liability insurance is insufficient. According to a Deepwatch report, in 2024 healthcare companies should anticipate increasingly sophisticated malware, supply chain attacks, and non-malware intrusions, along with greater abuse of legitimate internet services and AI-driven tactics [3].

Empowering Direct Primary Care Practices

While healthcare remains a highly visible target for cyberattacks, there are safeguards practices can take to increase protection for themselves and their patients. 

  • First, check whether your business has already been compromised. Use a reliable, verified service such as https://haveibeenpwned.com/ to see whether accounts on your domains appear in known breach data. If they do, reset the affected credentials and tighten the controls on those accounts.
  • Second, work with partners you trust and whose HIPAA compliance you can verify. Vendors should provide recent audit reports and security attestations showing that they meet or exceed data-protection standards. HIPAA does not offer a certification, but it does require regular risk assessments, typically performed annually; confirm that your partners use independent third-party assessors rather than relying on self-attestation alone.
  • Third, keep in mind that a business is only as secure as the people who work there; make sure employees complete routine HIPAA and security training.
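The first step above points at Have I Been Pwned's domain search. The same service also exposes a password check that can be scripted into onboarding or password-change flows, and it is worth seeing how that check avoids sending the password anywhere: only the first five hex characters of the SHA-1 hash are sent (the range endpoint `https://api.pwnedpasswords.com/range/<prefix>`), and the response lists hash suffixes with breach counts for the caller to match locally. The block below is an added example, not code from the original page or from Hint Health; it goes beyond the domain check the bullet mentions, and the network fetcher is injectable so the matching logic can be exercised offline against a constructed response.

```python
"""Check a password against known breach data without sending the password,
using the Have I Been Pwned "Pwned Passwords" range API (k-anonymity model).

Added example, not code from the original page or from Hint Health. The
fetcher is injectable so the logic runs offline against constructed data.
"""
import hashlib
import urllib.request

HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed stand-in for a range response (real bodies have several hundred
# lines). The second entry is the SHA-1 suffix of the string "password"; the
# count is made up for the example.
CONSTRUCTED_RANGE_RESPONSE = (
    "0018A45C4D1DEF81644B54AB7F969B88D65:1\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345\r\n"
    "2A0FAE2E4D6FB2C9D2B3B5E0A4E9D1C5F71:7\r\n"
)


def fetch_range(prefix: str) -> str:
    """Default fetcher: real HTTPS call to the HIBP range endpoint."""
    req = urllib.request.Request(
        HIBP_RANGE_URL + prefix,
        headers={"User-Agent": "hibp-range-example"},  # HIBP rejects blank UAs
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def sha1_prefix_suffix(password: str):
    """Split the uppercase hex SHA-1 into the 5-char prefix sent to the API
    and the 35-char suffix that is matched locally and never transmitted."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; tolerate CRLF and blanks."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password: str, fetcher=fetch_range) -> int:
    """Return how many times the password appears in breach data (0 = not seen)."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetcher(prefix)).get(suffix, 0)


if __name__ == "__main__":
    # Offline demo against the constructed response; swap in fetch_range for a live check.
    offline = lambda prefix: CONSTRUCTED_RANGE_RESPONSE
    print("password ->", pwned_count("password", offline))
    print("xK9#vL2$wQ ->", pwned_count("xK9#vL2$wQ", offline))
```

A non-zero count means the password has appeared in a public breach corpus and should be rejected or rotated regardless of who is using it. Because only a hash prefix leaves the host, the check can be applied to every credential in a practice without disclosing any of them to a third party.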


Security For Our Clients and Their Patients

Hint is a trusted software partner in the healthcare industry; the audit found it meets HIPAA requirements with no noted exceptions or questionable findings. Real-time monitoring and device management are part of a larger cybersecurity commitment to meet and exceed industry standards, passing that trust along to our clients and their patients. 


Sources:

  1. “Change Healthcare cyberattack having ‘far-reaching’ effects on providers,” Cybersecurity Dive (cybersecuritydive.com)
  2. “Healthcare Sector Cybersecurity,” U.S. Department of Health and Human Services
  3. Observations, Metrics, Trends & Forecast from the Deepwatch