5 Tips To Evaluate Your Readiness Before Implementing Data Loss Prevention (DLP) Solution

Data loss prevention (DLP) is crucial for any company that holds digital files these days, regardless of the size of the company. While much of the data loss that is reported on in the media often involves large companies, there are a number of small companies that fall victim to data breaches because they do not have the right framework to protect themselves.

A DLP solution helps to address insider threat and requires some readiness for its successful implementation. Here are some tips that will help evaluate if your organization is ready for DLP implementation.

  1. What’s the purpose?

This is a big step that a lot of people miss because it seems so obvious. The purpose is to stop data loss, correct? Narrowly speaking, yes. However, it just isn’t realistic to think that a DLP solution is going to completely prevent both internal and external data loss.

Firstly, think about why you’re implementing a DLP solution and the ramifications for your company. Does your company possess a lot of personal information or trade secrets. What would the effect on your company be if data were to leak. Far from being a pessimistic way of looking at a DLP solution, figuring out what the real risk to your company is will help you to think about the below tips.

  1. Find and define

The first step to getting ready for any DLP solution is to actually figure out what data needs to be protected. It’s not at all realistic to have an incredibly sophisticated system apply to every file your company holds. In addition, it is also important to think about how any kind of policy will impact employee output. If employees have new procedures and policies to implement with a DLP solution, you want to make sure any slowdown in implementing these is an effective use of their time.

Generally, the most sensitive data will include people’s personal details, especially social security numbers and financial information, or include trade secrets and intellectual property. Figure out what is the most sensitive information in your company, define it meticulously, and ensure that it carries a lot of weight in your DLP solution.

  1. Data movement

Next, it’s a really good idea to understand better how your data moves around your company. We tend to only think about how we use company files yet we’re one of many who do this. Preventing data loss because of an internal threat, an employee either maliciously or accidentally leaking data, is essential to your solution.

Watch where your most sensitive data moves and consider all the networks it sits on as well as end points and then think about who is using that data and what processes and protocols they go through.

  1. Following the policy

This one follows on from our last point of thinking about who is using the data and what processes they go through. All your employees will have to follow the DLP strategy that is implemented so it is essential to ensure that it is workable enough to be adhered to.

Part of this is getting buy-in from your employees. You can achieve this by making them part of the journey. Explain the purpose of what you’re doing and the risks involved, ask for suggestions or if they have noticed gaps and holes in how data moves around the organization. Communication is essential as a DLP plan is really effective only when it is implemented by everyone.

  1. Effective role management

Ensuring that everyone knows what role they play as part of the processes and procedures of a DLP plan is again about communication. Define each role clearly and give people ownership and responsibility so that they take it seriously. Assign privileges for accessing more sensitive information carefully.

Readying your company for a DLP solution is a simple step-by-step process of awareness, understanding and communication. Become aware of the type of data your company possesses, the risks it holds and understand how it moves around your company and what role your employees play in this. Then look to define the data and the roles and processes around it and communicate these clearly to your employees. Following these tips will ensure that your company implements any DLP solution effectively.

Top 5 Data Security Trends to Watch for in 2018

External data threats have been big news in previous years, particularly in the politicized landscape of 2016 and 2017. It is important not to forget that some of the mammoth breaches last year were due to internal leaking of information, indicating there clearly aren’t enough data loss protection protocols in many companies. These, and other trends, are going to dominate the IT industry in 2018, so we’ve put together a list for you to prepare you to kick start the year prepared.

  1. Advanced analytics are available –it’s all how you use them

Data loss protection (DLP) plans are looking a lot more sophisticated than they did even a couple of years ago. The philosophy behind any DLP strategy has always been to think clearly about how the data is used, and therefore how it is breached or lost. This means that it’s agile enough to keep up with changes in technology, such as advances in user and entity behavior analytics that help companies better understand the areas where data is lost, and create tools to prevent this from happening.

  1. Prevention, not just protection

In the same vein, the shift in focus is definitely turning to, not just protect existing data, but also figure out ways to prevent loss in the future. Basic security, such as a firewall, is no longer cutting it. And, businesses are figuring out that they need to get their employees onboard to assist with preventing their own internal breaches. A well-communicated DLP plan and easy-to-implement processes will swiftly help companies in 2018.

  1. Industry compliance is here

Governments have been slow to catch up with the shifts in technology, particularly in creating regulations around them. However, they will be well and truly in existence in 2018, in that there is a push to crack down on the increasing challenge of data loss. Governments will, more and more, be placing the onus on companies to get their security up to an appropriate level. For instance, the General Data Protection Regulation, which comes into force next year, affects the way companies process the data of any European citizen – a huge move.

  1. CARTA as the core strategy

The Continuous Adaptive Risk and Trust Assessment Approach (CARTA) is a framework for approaching data security that is completely adaptive in its mindset. It came about because data security measures were not proving strong enough, simply because they were innovating measures for present problems and leaving it. The CARTA approach is all about review and iteration. Constantly looking at real-time IT statistics to inform good decision-making about where to next in terms of data protection.

  1. Adapting blockchain to protect data

Through blockchain, data is stored on an open server, so it is decentralized and distributed widely. Having no central location where data is stored makes it much harder for large chunks of the same data to be lost. The blockchain network would notice any change in the data storage on its open server and therefore make it even more difficult to carry out large data hacks.
The number of high profile data losses has been increasing in recent years, and not just through criminal activity. Because of this, governments are cracking down on companies to protect citizens from having vast amounts of their personal information get into the wrong hands. Additionally, of course, for companies carrying trade secrets and other intellectual property, the incentive to get data loss protection sorted is high. Luckily, 2018 is seeing data loss protection technology heading in the right direction. The mindset is changing towards ensuring that good data loss protection strategies are both preventative and adaptive.

Insider Data Breaches – Year So Far

Half of all data loss that occurs in companies, happens externally. It’s a figure that surprises many as the panic over data loss often exists around targeting and preventing the activity of cybercriminals. Often internal data breaches are accidental – one click too many, sending the wrong attachment, the list goes on. Internal data breaches can also be malicious, particularly when there is a financial reward to releasing the data involved. Sometimes it can be difficult to imagine what those breaches might look like so we have put together a list of just some of the insider data breaches this year so far, to give you a better idea:

Department of Health and Human Services, Maine

More than 2000 individuals who received foster care benefits were affected in this breach, when all of their personal details, including children’s details, were posted on a third-party website. The Maine Office of Information Technology reported that the potential breach happened as part of a system upgrade when a contractor posted information from to a third-party website not within the state system.

Tarte Cosmetics

It’s not often that the cosmetics industry specifically is called out about data loss protection. Generally, it’s industries such as healthcare and hospitality. But, Tarte Cosmetics’ breach could not be ignored with a massive 2,000,000 customers affected by an internal data breach of their personal information including email addresses, phone numbers, physical addresses and parts of their credit card number.

Arkansas Department of Medicaid

Arkansas Department of Medicaid reported that 26,000 Medicaid recipients’ personal information was breached when a former analyst sent the information to her home email address a day before she was fired for an unrelated matter.


Originally known as Time Warner Cable, in September this year, this company saw 4,000,000 of its customer records breached internally, including login credentials. The breach occurred because of a breakdown in security around the cloud-based computing they were using and the provider it was connected to.

South Washington County School District

Possibly one of the most concerning breaches of all this year, due to the potential for harm it could have caused was one which came from a South Washington School District. While there were only 9,600 files breached, the information was about children, specifically grades, ID numbers, and, concerningly, bus routes, pick-up and drop-off times and locations. Officials are calling it an “inadvertent employee error.”

Inadvertent employee errors are a reality these days. In the United States, there has been estimated to be well over 1.5 million internal data breaches, just in 2017. Sometimes these can be on purpose, but they can also be a completely harmless mistake that was in no way intended. The good news is that there are sophisticated data loss prevention strategies, plans and technology out there that can be implemented, in order to protect this from happening. It’s crucial that employees are onboard with rolling out this implementation, so knowledge about the very real nature of internal data breaches can be helpful in getting them on board.

7 Reasons Why Your Organization Will Need Data Loss Prevention in 2018

As we enter 2018, data loss prevention is becoming a necessary part of business planning, as there just don’t appear to be many industries immune to breaches. 2017 has seen a spate of data loss breaches from not just some of conventional industries such as healthcare, financial services and retail, but also others like automotive, hospitality and even the military, in some cases. Here are some reasons why your business really needs data loss prevention in 2018:

  1. The threat is not just external

There’s a difference between what you see reported in the news media and what is actually happening in the U.S. and around the globe. Statistically speaking, internal threats account for just over half of all data loss. That’s according to an Insider Threats Report from 2017. While it doesn’t pay to solely look at one piece of data, the trend of roughly half of all threats being internal has existed across multiple studies for a number of years.

  1. Financial ramifications can be huge

According to a poll of 1,000 business decision makers, the average cost believed to be incurred from a data breach was around $1 million. Clearly, this depends a great deal on what industry you are in, but it’s something to be mindful of, particularly if your data is sensitive and would be worth something to other people.

  1. Financial ramifications are just the start

Quantifying the consequences of an internal data breach is a difficult thing to do, largely because loss of reputation and trust. Even if your business can take the financial hit from fines and compensation, it also has to withstand what can be sometimes a substantial loss of business. This can be particularly harmful for small businesses who don’t quite have the buffer of the larger, often multinational counterparts.

  1. Big data is here to stay

Companies are now moving to a place where they exist on data, and the growth of the big data industry is proof of that. While sensitive data nowadays often consists of things such as financial details and social security numbers, companies will increasingly find in the future that the data they keep on customers is more sophisticated and personal – and therefore sometimes more valuable to an outsider, which can lead to an internal worker deliberately releasing it.

  1. Thoughts on the Cloud are in the cloud

Most of us are moving to cloud-based computing and SaaS applications as a cost-effective way of storing and using data without having to pay for large builds. However, this also means that a DLP plan needs to be in place to ensure that sensitive data that your company currently keeps in the cloud is encrypted and that its transmission to third parties is prevented.

  1. Intellectual property protection is important to your customers and your business

This can be one of the biggest long-term consequences of data loss. While a breach of personal information about customers can be wide scale in its negative effects, an intellectual property breach is narrow, but incredibly damaging. If your company holds trade secrets, plans etc, either for your business or your customer, it’s essential that these are protected appropriately with a DLP strategy.

  1. Endpoints are increasing

With remote work becoming more and more common, the number of endpoints that data is stored on is therefore also increasing. These can be within your business’ computer network but it can also be outside it, in public places or at home. In these cases, you need a technology monitor that is installed on all of these devices that prevents certain sensitive or confidential actions happening as part of your DLP strategy.

A data loss protection strategy doesn’t have to be an alarming addition to your company’s business plan. However, it is starting to become concerning how many businesses, big and small, are avoiding the need for one of these, given that amount of data we use is growing exponentially. Internal threats can be both malicious and totally by accident, so it’s important to protect your employees, your company and, of course, your customer from the ramifications of data breaches.

What You Did Not Do in 2017 to Prevent Data Loss

We all know data loss is an issue. We see stories in the news media of large airlines or financial services compromising large quantities of sensitive information, some of which could have been very preventable. However, it’s not just big businesses that are a target. Roughly half of all data loss happens internally, either by malicious intent, or inadvertently. This means that any employee in a business that holds information online and in computer systems could potentially lose your company’s data. We’ve outlined some of the key things you probably didn’t do in 2017 so you can get your company ready for 2018.

  1. Back it up

This doesn’t just mean occasionally getting out a hard drive to double save the important stuff. Every company should have a backup procedure for their files. Of course, it’s sensible to employ more security measures for more sensitive files, but a data loss protection plan will ensure that files are being regularly protected and can therefore be restored if a loss of data occurs.

  1. Multiple backup points

One backup point has been proven to be not enough for truly sensitive data. Apply the 3-2-1 rule as part of your data loss protection plan. Information that needs to be highly protected has 3 backups, general day-to-day information that has much less importance has 1, and give moderate level information 2 backup points. It also helps to have offsite backups as well. Particularly when there is an external breach, it can affect entire physical locations due to how malware operates in shutting providers down.

  1. Get your audit on

One of the easiest ways for data to slip through the cracks, either intentionally or by an employee’s mistake, is when systems aren’t up to date. You would be amazed how much of your software and hardware needs patches and upgrades. Auditing is the perfect end of year job to go into 2018 with a fresh start and an updated system. Often it doesn’t end up being super expensive – you’re probably already aware of the big-ticket items that need to be upgraded.

  1. Sort out a communication plan

You can’t single-handedly prevent data loss from your company, but you can empower your employees to take heed and ensure that the systems that you have in place are working correctly. Surveys and feedback loops are a great way of winning employee engagement. Ask them how they use the data – they are the ones who are handling it day-to-day after all. And as you iterate and improve data loss protection plans, ask them for feedback. You’re much more likely to get buy-in if they feel that the way they work is being taken into account.

A great number of instances where critical company information is lost is often very preventable. We say preventable because backups are a huge part of protecting your company from potential data breaches. Ensure that, if anything goes wrong, you’re still able to access the information from another endpoint.

Any good data loss protection strategy starts with a review of the status quo so do a full audit of the ‘goings-on’ of your data, software and hardware – and be critical about where there’s room for improvement. Next, get your employees onboard to ensure that any efforts are fully integrated within all areas of the company. A thorough and well-thought out data loss protection plan can save your company huge fines, loss of reputation and potential loss of business.

The Top Industry Targets for Data Breaches – Are You on the List?

It’s important to know what your data breach risk is. It’s something that affects every company worldwide that operates even part of its services online. However, some companies are more at risk than others, sometimes due to the sensitive nature of information about individuals possessed by these companies, but also how easy it is for the data to be lost in some way. This is generally when companies have an insufficient or incomplete data loss protection strategy that prevents against both internal and external threats. Here are some of the top industries that have data breaches:

  1. Healthcare
    Healthcare is a prime target because of the huge amount of sensitive information, from medical records to payment information, kept by healthcare organizations. Due to the sheer size and scale of many healthcare organizations, often upgrading software and protection systems becomes so big that it’s overlooked in favor of what feel like more immediate issues, such as staffing and equipment. Around 100 million health records were compromised in 2015 and similar figures stack up for 2016 also.
  1. Financial Services
    Frighteningly, almost half (49%) of global financial services organizations have experienced a data breach in the past, according to the 2017 Data Threat Report. IBM has found that one of the biggest vulnerabilities for financial services firms is actually human error. Insider involvement accounted for 58% of all breaches in 2016; of these, 53% acted inadvertently, while 5% acted with malicious intent. Unfortunately, many of these could have been avoided with an agile data protection plan that was well-communicated to all employees.
  1. Government
    Governments have always been classic targets for any kind of information breach, due to the sensitive nature of the data that they hold and the power that they wield. They’re also a huge employer. If you were to add up the various parts of the US government from military, to bureaucratic and civilian, you can get figures of close to 5 million individuals working for the US government and having access to its computer systems. With roughly half of data breaches occurring internally, that’s 5 million potential ways to lose confidential government information.
  1. Transport and Logistics
    This is also a huge industry and covers everything from giant airlines, to small owner-operated delivery services. The US Department of Transportation said, “the growing reliance on cyber-based control, navigation, tracking, positioning and communications systems, as well as the ease with which malicious actors can exploit cyber systems serving transportation.” Essentially, the transportation industry exists in a mobile world and mobile is one of the easiest end-points for data to be breached. It’s often not protected properly by companies, which can lead to employees easily losing information or being targeted by cyber-criminals.

Even if your company’s not on this list, it’s important for you to take steps to ensure that the data stays safe and secure. Data breaches have become so serious that companies can be liable for serious fines if it is deemed that their security was not up to scratch. If you’re a SME or SMB especially, they are the kind of fines that could put you out of business completely, or ruin your reputation. Look into a data loss protection strategy that works for the needs of your company and figure out ways to get your staff on-board to ensure that no data is lost from your organization.

Unique Data Loss Risks Faced by the Hospitality Industry

Data collection, data mining and big data, in general, have the ability to transform how industries, such as the hospitality industry, provide their services. The ability to access information about an individual, from basic contact information, to payment information, to behavioral information, means that benefits that consumers have come to expect – such as ease and personalization – can be easily employed.

The data captured by the hospitality industry, particularly hotels and restaurants, is often very comprehensive and sensitive, meaning it has serious ramifications if that data is lost. A person staying in a hotel will be handing over contact and payment details, using hotel wi-fi for business and personal use, and ordering services for their own personal comfort. Research indicates that the  hospitality industry accounts for nearly 14 percent of all breaches, second only to the retail industry. Here are some of the unique data loss risks the hospitality industry is facing:

  1. Large numbers of SMEs and SMBs

From the huge boutique hotel industry that’s booming, to owner-operated restaurants and bars, a great deal of the hospitality industry is made up of SMEs. Often, even when these businesses are part of a wider syndicate, there won’t necessarily be standardized rules for data security.

So, what’s the big deal with SMEs? Due to their size, SMEs and SMBs often don’t have any thorough data loss protection strategy in place. Cost, time and lack of knowledge are the general contributing factors here. However, DLP plans are now much more affordable and easy to implement, so it really comes down to the industry getting itself up to speed by educating that DLP implementation is essential and possible to do.

  1. Paper still rules the roost

Hotels, especially, still rely heavily on paper to conduct their day-to-day business. It’s common-place for services rendered and paid for to be carried out on paper throughout the whole transaction. Physical loss is one of the easiest ways for data to escape internally, either on purpose or by accident. Either way, due to the lack of digital footprint, it’s incredibly difficult to track where the leak came from.

Add to this, that according to Shred-it’s 2017 Security Tracker, less than half (49 percent) of small businesses shred all documents, including non-confidential ones, it’s clear that the hospitality industry needs to address this as part of their DLP strategy.

  1. Employee training is outward focused

Hospitality is a wholly customer-focused service industry. Huge amounts of resource are poured into staff training to ensure that customer’s needs and desires are being met and align with the kind of service the company is trying to provide.

The reality of this is that very little attention is focused towards internal processes. There are many statistics that suggest that roughly half of all data losses occur because of internal threats – people maliciously or unintentionally leaking sensitive data. This means that hospitality companies need to distribute their resource more efficiently and start focusing on creating internal DLP processes that work and that prevent the leakage of data.

While the potential for data to improve the services of the hospitality industry is huge, it brings with it large amounts of sensitive data that are not currently being properly protected with adequate data loss protection strategies. The high numbers of small to medium businesses, combined with the fact that the largely paper-based hospitality industry has an outward focus, means that there is plenty of work to do to ensure that the data of customer’s is protected from potential internal data loss threats.

DLP Strategies to Maintain HIPAA Compliance

Data loss protection (DLP) for compliance is the process of ensuring that sensitive data is not breached through its accidental or intentional release. Patient information is some of the most sensitive information about any individual. With so much of it being stored electronically, it is essential that steps are taken to protect the privacy and maintain HIPAA compliance.

In the US this can mean both civil suits and large fines, sometimes up to $250,000 for the individual responsible. The compliance protocols state that any breach that occurs involving sensitive data that was not protected (encrypted) must be reported to the Department of Health and Human Services.

What is HIPAA compliance?

HIPAA stands for the Health Insurance Portability and Accountability Act. It’s the law of the United States that is designed to ensure anyone handling sensitive patient information is protecting it and taking reasonable preventative measures to avoid its release. It sits alongside the HITECH Act, which raises the penalties around the release of electronic health information. We’ll be concentrating primarily on the Security Rule of HIPAA in this article, as it relates to electronic health information, but it’s important to be aware of the additional laws that come with health data.

What is the Security Rule

The Security Rule is the part of the Act that electronic protected health information – the creation, maintenance and movement of this kind of data. The key information relating to the Security Rule is to:

  • Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information;
  • Protect against reasonably anticipated, impermissible uses or disclosures; and
  • Ensure compliance by their workforce.

How to become compliant

A good DLP strategy essentially covers these things through software integration, plans and processes that are easy for healthcare professionals to use in their day-to-day jobs without slowing them down from their crucial role.

Everything from access control of who can actually see, modify and send sensitive information, through to encryption and other techniques when it comes to the downloading, uploading, sending and receiving of data.

Auditing, monitoring and scaling the process is also meant to be considered by healthcare institutions. This means constantly assessing all data and how sensitive it is, monitoring its movement to ensure there aren’t breaches which haven’t been considered with advancing technology, and ensuring that the DLP strategy is always growing and adapting to protect sensitive data.

Essentially, lawmakers are looking to ensure that healthcare professionals are taking due care, not only with patient safety during treatment, but also when they are dealing with patient information – from their health data to their Social Security Numbers. If you follow the preventative strategies above, you greatly reduce the risk of prosecution.

How to Use DLP to Secure PHI & Better Comply with Healthcare Regulations

Advances in technology have caused vast improvements to patient care in the healthcare industry. While healthcare administration has become more efficient, healthcare providers are able to offer improved patient care by reading patient data from sophisticated equipment in real time and being able to get specialists in different locations to offer professional advice on a specific patient’s treatment.

With this, of course, comes the risks involved with electronic data. Many of the publicized concerns, in the media particularly, lie with external threats, but almost half of all data loss happens internally, because of accidental or intentional and malicious release of sensitive information.

In this article, we’ll talk about how to use data loss protection (DLP) to better secure protected health information (PHI) in line with industry regulations.

What does PHI cover?

The key information covered in PHI includes, but is not necessarily limited to information about:

  • Health status
  • Provision of health care
  • Payment for health care

There are specific indicators, such as, in terms of location details, anything more specific than an individual’s state is protected. These can be found, as well as a full breakdown of the law, here.

Using DLP strategy

DLP strategy is much more than just rolling out expensive software for employees to use and ensure you’re covered. In fact, lawmakers will look at much more than just the technology employed if you are facing prosecution and liability for any internal data breach.

  1. Staff accountability

All staff, from HR personnel, to specialist healthcare professionals, IT departments and administrative staff should be on-board with the healthcare institution’s DLP strategy. They should understand it and be actively employing it. This means effectively communicating it to all staff through policies and procedures. Often some of these can be implemented in the actual DLP technology, meaning staff are getting real time updates on how they are using the DLP strategy, what they’re doing right and wrong, and how to improve.

  1. Identification and prioritization

Prioritizing how and what patient information should be deemed sensitive and how much DLP should be applied can be tricky. However, the laws around PHI help with this as they breakdown quite specifically what needs to be protected. From there, it is a matter of figuring out where that data lies and how the DLP technology can protect it.

  1. Audit, monitor and scale

It’s unrealistic to assume that a healthcare establishment, such as a large hospital, can protect every piece of information immediately. Budgeting and resource constraints get in the way. Additionally, new technology is always being implemented in the healthcare industry so rolling out a single DLP strategy that rigidly stays in place for the next decade will not do the job that lawmakers are expecting it to.

Instead, potential sources from which data can leak should constantly be assessed as they arise, data movement should be tracked to look for abnormalities and irregularities. And, audits should take place on how effectively the DLP strategy has been in ensuring the protection of patient information.

US lawmakers are serious about data loss protection in the healthcare industry and the laws around them are enforced, with individuals sometimes facing fines up to $250,000 if they are found to be liable. Ensure that your healthcare institution complies with industry regulations by working with your DLP company to create an effective, well-communicated strategy that protects you and, most importantly, your patients.

5 Ways to Overcome Healthcare Compliance and Security Risks

In order to ensure optimal patient safety and care, healthcare is one of the most standardized industries in the world. Particularly in countries like the US, where liability risks are enormous, hospitals are directing huge amounts of resource to ensure that they are compliant with national, and even international standards, to avoid scrutiny and liability.

The security threat that comes with the increase in mobility and remote technology, means that hospitals also have to be incredibly vigilant about data loss protection (DLP) and the threat that internal sources pose, both maliciously and by accident, in the release of sensitive data. Failure to do so can result in huge fines, a loss of reputation and risks to patient safety. Here are 5 ways that healthcare institutions can look to overcome compliance and security risks:


In a study conducted by Ponemon Insititute LLC, it was found that only 23% of respondents in the healthcare industry were using data loss protection software to prevent against internal data breach. A huge amount of resource is often put towards preventing external threats through anti-malware and anti-virus programs but almost half of all data loss comes from internal sources. DLP software addresses the source of all information – how it operates and moves internally – and therefore helps to prevent its movement externally.


Data loss protection strategies, plans and software are only as good as how they are used and enforced. This requires a great deal of communication from IT departments as well as top level staff at healthcare institutions. A DLP strategy must be used by everyone handling patient information, which involves clear policies and procedures for staff to follow to ensure no accidental breaches, preferably integrated into the DLP software in real-time.Of course, a DLP plan that employs certain overrides can assist with this – for instance, blocking the download of data via a USB port, if that is appropriate.


Visibility and accountability go hand-in-hand when it comes to overcoming security risks in hospitals, particularly those that are internal malicious threats. Employing a system that clearly identifies and tracks the movement of sensitive data, as well as ensuring that user information is connected to that movement, wards off malicious behavior. If the person wishing to release sensitive data knows that there is a higher likelihood that it could be tracked back to them, they will be less likely to do so.

4.Secure encryption

New healthcare protocols globally, and particularly in the US, mean that it is no longer acceptable for hospitals to not be encrypting their data. In the US, this can mean both civil suits and large fines, sometimes up to $250,000 for the individual responsible. The compliance protocols state that any breach that occurs involving sensitive data that was not protected (encrypted) must be reported to the Department of Health and Human Services. Encrypted data that is breached, however, does not need to be reported and is not penalized. It is viewed that the hospital took the necessary steps with a DLP plan to prevent such an occurrence and is therefore, not liable. Investing in encryption is a preventable measure that can significantly reduce large fines and lawsuits.


Hospitals, as we know, are incredibly large institutions and therefore employing a rigorous DLP strategy to meet with compliance requires a huge amount of resource, which often can’t be met in a single financial year. Working with a good DLP company means that you should be able to employ an effective DLP strategy that takes care of the essentials to meet protocols immediately. But can then be scaled up and be fluid enough to change for the upgraded technology that is always occurring in the healthcare industry.

A good DLP strategy is more than just software. Especially when it comes to internal threats, it’s essential that a DLP strategy understands how people think and behave in order to overcome healthcare compliance and security risks. Preventative measure such as encryption and communication can help avoid the accidental breach of data. Clear visibility and accountability can assist in preventing a purposeful and malicious breach, while also ensuring that healthcare compliance protocols are truly met.