We all know that security vulnerabilities exist—we read about them in newspapers, hear about them on television, and discuss them with colleagues who have been impacted. The dilemma is…how do we know if we, as health information technology (IT) and security leaders, remain vulnerable, even with seemingly effective preventive measures in place? And are those measures as effective as we think?
Surveys show that many healthcare IT and security specialists face a daily battle: how to render ongoing attacks from cyber-criminals ineffective. How serious is the threat? If you’re one of those affected, it can be quite serious, and the implications can be far-reaching.
An Epidemic is Brewing
- According to one recent study, nearly half of 400 IT decision-makers in the U.S., France and Great Britain experienced data breaches during the past year.
- Of those affected, the average organization experienced 30 breaches during that time period, many of them serious or potentially devastating.
- From a healthcare IT perspective, breached records cost those organizations up to $1 million to remediate, not to mention time lost.
Now more than ever, the lines between users, devices, services and content are becoming blurred, and the healthcare environment is certainly no exception. Unfortunately, fast access to medical information and collaboration throughout a healthcare enterprise can be costly. Failure to protect patient health information as it bounces between technologies can leave enterprises vulnerable, and failure to both anticipate and prepare for potential attacks by hackers can have serious consequences.
For years, healthcare IT has taken a watch-and-wait approach to breaches, doing far too little and hoping for the best. In the era of vast information, most of it proprietary, that must change. Implementing data security measures without an informed approach is no longer sufficient.
Be smart. Be alert. Here’s how.
Clearly, how the modern healthcare industry evaluates and prioritizes cybersecurity must align with the ever-changing cyber-threat environment. To that end, security must be embedded within a network and platforms in order to facilitate a broad-based security infrastructure that is manageable and measurable. Here are some suggestions:
- Consider digitizing healthcare data in an effort to minimize or eliminate the theft of paper-based information. Reducing the amount of paper data and considering a picture archiving and communication system to accommodate objects that cannot be easily digitized are essential.
- Limit access to healthcare data by appointing overseers who control that access; establish serious consequences for those accessing healthcare data without proper authority.
- Consider full disk encryption (FDE). This minimizes the likelihood that healthcare data will be accessed by someone who does not have the capability (or need) to decrypt it. FDE is installed on new devices and can encrypt all healthcare data added during the lifetime of those devices.
- Many companies, including Walmart, Facebook, and IBM, use a type of encryption called Object Store. This encryption was developed by the NSA to store and protect its data. Novarad uses Object Store encryption to protect patient data and ensure that even if obtained, it is useless unencrypted. To learn more about this method, view the video below.
Remember: shifting from a protection to a prevention mindset is essential. By implementing a wide-ranging strategy that secures data and creates identities for all users across all applications and data, enterprises can minimize their exposure while strengthening their overall security position.