Baton Rouge-based TraceSecurity has introduced a free tool to help small and rural health care organizations determine how much risk they face for a data security breach.

The free security risk assessment tool is based off a program developed by the U.S. Department of Health and Human Services, said Ryan Castle, chief operations officer for TraceSecurity. The company made it user-friendly, so people who don’t deal with online security can conduct the assessment.

“This is a way to protect data and get as many people involved as we can,” Castle said. This week, the company participated in a Google-sponsored health tech conference in New York and launched a new campaign, The Protect Patient Data Project. The company is introducing the service in the hope that after businesses evaluate their risk, they contract with TraceSecurity to develop a solution.

Small and rural organizations are at the most risk of a data breach. Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) providers could face fines of up to $50,000 per patient record accessed by hackers. That could bankrupt an organization, he said.

The problem is that health care data is extremely valuable. Castle said he’s seen this information trading on the black market for $60 per patient, which is 50 times more than the going rate for the names and Social Security numbers traditionally accessed from retail and financial transactions.

“You have attackers that don’t care if they’re targeting a giant system or a small rural clinic, they all look the same,” he said. “So they need the same security the big organizations do, but they do not have the same resources to bear.”

The number of ransomware attacks on health care organizations, where malicious software blocks access to data until a sum of money is paid, is expected to increase fivefold by 2021. According to TraceSecurity, health care already is attacked twice as much as other industries by people seeking to illegally obtain data.

TraceSecurity said while much of the attention is focused on protecting giant health care companies, there are opportunities to work with underserved segments, such as medical technology companies and businesses that build telemedicine apps. “There’s a big opportunity for us to make an impact there,” Castle said.