This week, U.S. healthcare organizations celebrate Patient Safety Awareness Week,which is traditionally focusedon reducing patient harm during on-site medical care. What many fail to consider is that information security is also a critical component of patient safety. An organization’s inattention to cybersecurity can be dangerous to patients, affecting their safety, identity and financial welfare.
IBM predicts the healthcare industry will see a growing number of data security threats in 2017, with exploitable information in electronic health records (EHR) continuing to fetch a high price on the black market. Regardless of the constant pressure put on healthcare organizations to lower healthcare costs for consumers, the industry simply cannot afford to skimp on cyber security.
Here are three considerations for healthcare leaders seeking to better protect their patients’ information, finances and safety:
Inspire a security-first company culture.
IBM reports that 68 percent of all network attacks targeting the healthcare industry came from insider threats. Two-thirds of these attacks resulted from unsuspecting employees who fell victim to phishing scams, misconfigured servers, lost laptops, etc. For this reason, it is imperative that organizations within the industry establish a security-first culture that starts from the top-down. Business leaders must set a good example by taking responsibility for turning data security into one of their organization’s core values. Through frequent and on-going training and security education, organizations can create a security-focused culture where safe computing practices and habits become second nature.
Identify your risk.
From ransomware to data compromise through third-party vendors to unintentional or malicious insider threat,healthcare organizations face a daunting number of threats to patient data. In order to tackle these challenges, organizations must assume a defense-in-depth approach to data security that employs multiple layers of protection. Before deciding on what data protection technologies to implement, healthcare leaders and their teams must thoroughly assess their risk. By identifying where their most critical data travels and is stored, organizations can protect this data with technology that resides at the file’s core, creating a last line of defense that stays with data when it’s in use and at rest.
Pay special attention to mobile devices.
Mobile computing devices such as laptops, tablets and smart phones are now an integral part of a healthcare employee’s workflow. Health insurance providers, home care workers and remote outpatient cliniciansrely on these devicesto access sensitive, private data like protected health information (PHI) and personally identifiable information (PII). Threats can arise when this data is accessed and stored on mobile computing devices in the field; sometimes with no internet connectivity. Healthcare organizations are vulnerable to additional risk if these devices are lost, stolen or breached. In order to gain a better handle on their employees’ devices, organizations should employ data protection that encrypts, shreds and securely stores data, in real-time, without creating any noticeable changes to the end-user. Healthcare leaders should alsoimplement and enforce policies that stipulate circumstances under which devices can be removed from the facility.