How to protect information in a data-driven healthcare system

Security has always been a top-of-mind concern for healthcare organizations because of the critical and confidential nature of the information they generate and house. As a data-driven industry, this makes healthcare a major target for hackers, largely because security hasn’t kept pace with technological advances.

Tight budgets, tighter regulations, and rapid advances in patient care have all contributed to a security gap. Budget crunches and scarce resources can prevent healthcare organizations from having enough money to provide proper security.

Healthcare providers put sensitive data at risk every day when they:

• store and transmit patient health records and sensitive data, such as Social Security numbers.
• connect physicians and patients via apps and internet portals, and
• connect medical devices to the Internet of Things (IoT) and stream their readings.

This technology offers great opportunities to improve patient-centered care, but it also makes healthcare a hacker’s paradise.

Although there are plenty of reasons for healthcare’s susceptibility to hacking, that doesn’t absolve healthcare leaders and technology professionals from doing everything possible to shore up their defenses (as they should).

The most common authentication method in most healthcare organizations today remains the tried and true username/password combination. However, even with strong password policies in place (character limits, alphanumeric requirements and automatic expiry) they’re still not quite good enough to prevent a determined attacker. Two-factor authentication ensures an additional protection layer is in place, often in the form of a physical or biometric control, such as swipe cards, security tokens, finger print scanners, or facial recognition.

Data backup is crucial for protecting your business’s continuity. If your only backup is on a single desktop/laptop computer or mobile device and it’s lost or stolen, your business data is gone. In the event a security breach occurs, ensuring a reliable backup copy of your data is available, and a well-tested recovery plan is in place, can minimize the impact and allow operations to continue with minimal, if any, interruption in care delivery.

A top of mind concern for IT departments is secure encryption of data when it’s in transit – especially if it will be leaving the secure network to an outside location, such as a referring physician’s office or even a patient portal. While this protects the movement of data, too often when the data is sitting idle in storage it is unencrypted, and therefore unprotected should an access breach occur. Encrypting data at rest provides an additional layer of security that would prevent a would-be intruder from deciphering or distributing the data in any meaningful way, even if they were to gain access.

Another common issue within many healthcare organizations is the lack of true security expertise within the IT team. Due to budget constraints, many IT personnel are called upon to be ‘jacks of all trades’, mastering storage, server and workstation hardware, virtualization, software management and more – all in addition to setting up and managing network and software security management. Each of these are considered a professional discipline in themselves and require continuous education and practical experience to execute well. In order to ensure your data and systems are well protected it is necessary to engage a security expert.

It’s important to keep in mind that while security is a ubiquitous requirement across the healthcare industry, like many other facets of healthcare IT, it does not offer a once-size-fits-all solution. Selecting and implementing security controls that will work best for your organization requires a thoughtful analysis of your current operations and policies to identify critical integration points and potential vulnerabilities, and inform a complete, tailored security strategy to protect your business and patients.

Engage an expert resource today. Contact Plow Networks.

Follow Plow: Twitter, LinkedIn, Facebook, and Instagram