HIPAA and Data Breaches: The Million-Dollar Rising Threat in the Health Industry

The healthcare industry is a prime target for cybersecurity attacks and data breaches. According to IBM, it had the highest average cost of data breaches at $10.10 million in 2022. Similarly, this year, a healthcare business in California agreed to a $5 million settlement due to the exposure of medical records. With these recurring issues, healthcare institutions must secure sensitive information, review processes regularly, and promptly notify relevant parties of any data breaches, as required by industry regulations such as HIPAA.

HIPAA stands for the Health Insurance Portability and Accountability Act, a federal law that sets the standards for protecting sensitive patient data. It requires healthcare institutions to implement appropriate administrative, physical, and technical safeguards to guarantee the confidentiality and availability of Protected Health Information (PHI). In recent years, common HIPAA violations have included:

  • Failure to detect unauthorized access to PHI
  • Failure to manage security risks to PHI
  • Insufficient PHI access controls
  • Improper disposal of PHI and ePHI

Essentially, healthcare institutions face a challenging task when it comes to preventing, resolving, and controlling risks to PHI. Some of these risks can be mitigated by effectively working with strategic business partners. For example, certified ITAD companies can help resolve problems such as improper disposal of electronic Protected Health Information (ePHI). At CDRGlobal, our clients from the healthcare industry are provided with services such as:

  1. Certificates of data destruction: Providing digital documents to verify the proper disposal of sensitive information.
  2. Videotape of on-site hard drive destruction: Ensuring that all procedures are HIPAA compliant and aligned with industry requirements.
  3. Witnessed on-site hard drive destruction: Verified by trained and specialized personnel.
  4. On-site hard drive sanitization: Guaranteeing all data sanitization is completed in a secured facility.
  5. Secure shipping: Allowing for constant vigilance and tracking of the equipment.

Data breaches and the proper disposal of ePHI can be managed by working with certified and trustworthy ITAD companies. Healthcare institutions must take the necessary measures to protect their PHI and reduce future risks. At CDRGlobal, our services are designed to help healthcare institutions provide peace of mind and reduce million-dollar threats.

