June 20, 2017
Healthcare Needs a Data Checkup
This haste to complete implementation of electronic health records has led to a deficiency in data protection and security measures.
As the healthcare industry continues to digitize, data protection technology has not been able to keep pace. Unfortunately for industry participants, healthcare has become a top target for state-sponsored and free-agent hackers.
In fact, a study released by Michigan State University in April 2017 found that healthcare providers reported 1,225 of the total 1,798 data breaches in the U.S. from 2009 to 2016. Why has the healthcare industry become such a target? And what can healthcare providers do to protect their organizations and the thousands of patients they serve?
One primary reason for the target on healthcare’s figurative back is the rapid implementation of electronic health records (EHRs). From 2009 to 2014, adoption of EHRs rose from less than 10% to 97%. This haste to complete implementation has led to a deficiency in data protection and security measures within EHRs. Additionally, with more and more providers leveraging mobile devices and turning to data driven by the Internet of Things, attackers have a plethora of new entry points to access private and sensitive data.
See also: Data Security Critical as IoT Multiplies
A quick scan of the Identity Theft Center’s 2016 Data Breach Report shows that lost workplace laptops and stolen company-issued cell phones are frequently listed as reasons for a data breach.
Given the growing use of workplace devices in the healthcare industry, as well as the corresponding danger of transmitting information from a central data center to end-user devices and back again, it is crucial that data is protected the moment it is created. Further, healthcare providers must ensure employees are aware that their devices could be compromised when the connection to the data center is lost.
Mobile devices make it harder to protect data
For example, an attacker could access data while employees are traveling between medical centers when the connection is lost and then sell the retrieved information or leverage it for ransom. As such, data should be protected regardless of whether it is at rest or in transit, as well as in connected and disconnected environments.
To protect themselves from vulnerabilities that lead to data breaches, cyber attacks and ransomware, healthcare organizations must revisit their security strategy. This strategy should be comprehensive, flexible and capable of mitigating the impact of a breach at various levels within the enterprise via multiple layers of security solutions. The use of layered security allows for incremental defense to ultimately protect what is most vital to the business—its data. If other security countermeasures are defeated, data protection, which supersedes traditional encryption, will be vital as the last line of defense. For this reason, organizations must use data protection that travels with their data, rendering the data useless to the attacker should it be compromised.
Training, technology part of treatment
Data security is a threat that will not fade away, but rather grow in importance. As technology continues to advance, attackers and other entities involved in data theft will have just as many tools as the healthcare providers endeavoring to protect valuable and private information.
See also: Aggressive Regulation on Data Breaches
Healthcare organizations must accept that their data will become a target and that these threats could originate from nontraditional sources, such as IoT and other innovations. Leaders must act now to protect their business, patients and other stakeholders.
This article originally appeared on ThirdCertainty. It was written by Ermis Sfakiyanudis.