Vaccinate against security breaches | Nov16 Newsletter
Beginning-of-year predictions are popular among experts in all fields. One of the most alarming 2017 forecasts is a claim from Experian Data Breach Resolution that healthcare organisations will be heavily targeted by cyber criminals.
With that in mind, the New Year is also a good time to analyse the best ways for organisations to store their data so it’s safe, secure and available. Every day, health organisations generate huge volumes of sensitive data, such as test results, patient reports, scans and images. So, what’s the best way to secure all that information?
Complementary network protection
Firewalls and antivirus software are the standard across industries, but with hackers becoming more sophisticated in the way they breach security, these perimeter plans are no longer enough on their own. ‘Border control’ needs to be complemented by internal segmentation firewalls and solutions that limit the spread of damage when an attack occurs.
Encryption of mobile devices
Increasingly, healthcare professionals work away from an office or clinic environment and this mobility opens laptops, USB drives and other mobile devices to breaches. By encrypting all devices that contain patient data, organisations reduce the risk that information will fall into the wrong hands. Additional security measures beyond the usual ones taken for personal devices, including two-factor authentication, can add an extra layer of safety.
Check third-party security
Conducting third-party security checks is a time-consuming but essential security measure. A comprehensive assessment of vendors also needs to be completed on a regular basis – checking each vendor once and declaring them acceptable is not enough.
Delete old data
One way to eliminate the risk of data theft is to reduce the amount of data that you have stored. Creating a policy, and giving staff specific guidelines, under which unnecessary information is securely deleted so that it cannot be recovered will go a long way towards protecting patients. Always ensure, of course, that you comply with any regulation on minimum retention periods for patient data.
Protection of medical devices
Healthcare providers don’t just run the risk of computers being hacked: the threat of pacemakers, monitoring tools and other electronic medical devices being infiltrated is also rising. While these attacks might seem the stuff of the distant future, nobody wants to be one of the first victims. Make sure patients and staff know how and when to apply security patches to any connected devices.
Prepare for the worst
Even with a safety net of features in place to protect your organisation’s security, be prepared for a possible incident. Make sure you have a plan in place for securing information and preventing any further data loss in the case of a breach.
The consequences of a medical data breach are wide-ranging, impacting both organisations and patients – making a comprehensive network for protecting that data essential.