
How to Use DLP to Secure PHI & Better Comply with Healthcare Regulations

Advances in technology have caused vast improvements to patient care in the healthcare industry. While healthcare administration has become more efficient, healthcare providers are able to offer improved patient care by reading patient data from sophisticated equipment in real time and being able to get specialists in different locations to offer professional advice on a specific patient’s treatment.

With this, of course, come the risks involved with electronic data. Many of the publicized concerns, in the media particularly, lie with external threats, but almost half of all data loss happens internally, because of accidental or intentional and malicious release of sensitive information.

In this article, we’ll talk about how to use data loss protection (DLP) to better secure protected health information (PHI) in line with industry regulations.

What does PHI cover?

The key information covered in PHI includes, but is not necessarily limited to, information about:

  • Health status
  • Provision of health care
  • Payment for health care

There are also specific indicators: in terms of location details, for example, anything more specific than an individual’s state is protected. These can be found, as well as a full breakdown of the law, here.

Using DLP strategy

DLP strategy is much more than just rolling out expensive software for employees to use and ensure you’re covered. In fact, lawmakers will look at much more than just the technology employed if you are facing prosecution and liability for any internal data breach.

  1. Staff accountability

All staff, from HR personnel, to specialist healthcare professionals, IT departments and administrative staff should be on-board with the healthcare institution’s DLP strategy. They should understand it and be actively employing it. This means effectively communicating it to all staff through policies and procedures. Often some of these can be implemented in the actual DLP technology, meaning staff are getting real time updates on how they are using the DLP strategy, what they’re doing right and wrong, and how to improve.

  2. Identification and prioritization

Prioritizing how and what patient information should be deemed sensitive and how much DLP should be applied can be tricky. However, the laws around PHI help with this as they break down quite specifically what needs to be protected. From there, it is a matter of figuring out where that data lies and how the DLP technology can protect it.

  3. Audit, monitor and scale

It’s unrealistic to assume that a healthcare establishment, such as a large hospital, can protect every piece of information immediately. Budgeting and resource constraints get in the way. Additionally, new technology is always being implemented in the healthcare industry so rolling out a single DLP strategy that rigidly stays in place for the next decade will not do the job that lawmakers are expecting it to.

Instead, potential sources from which data can leak should constantly be assessed as they arise, and data movement should be tracked to look for abnormalities and irregularities. Audits should also take place on how effective the DLP strategy has been in ensuring the protection of patient information.

US lawmakers are serious about data loss protection in the healthcare industry and the laws around them are enforced, with individuals sometimes facing fines up to $250,000 if they are found to be liable. Ensure that your healthcare institution complies with industry regulations by working with your DLP company to create an effective, well-communicated strategy that protects you and, most importantly, your patients.

5 Ways to Overcome Healthcare Compliance and Security Risks

In order to ensure optimal patient safety and care, healthcare is one of the most standardized industries in the world. Particularly in countries like the US, where liability risks are enormous, hospitals are directing huge amounts of resource to ensure that they are compliant with national, and even international standards, to avoid scrutiny and liability.

The security threat that comes with the increase in mobility and remote technology means that hospitals also have to be incredibly vigilant about data loss protection (DLP) and the threat that internal sources pose, both maliciously and by accident, in the release of sensitive data. Failure to do so can result in huge fines, a loss of reputation and risks to patient safety. Here are 5 ways that healthcare institutions can look to overcome compliance and security risks:


In a study conducted by Ponemon Institute LLC, it was found that only 23% of respondents in the healthcare industry were using data loss protection software to protect against internal data breach. A huge amount of resource is often put towards preventing external threats through anti-malware and anti-virus programs but almost half of all data loss comes from internal sources. DLP software addresses the source of all information – how it operates and moves internally – and therefore helps to prevent its movement externally.


Data loss protection strategies, plans and software are only as good as how they are used and enforced. This requires a great deal of communication from IT departments as well as top level staff at healthcare institutions. A DLP strategy must be used by everyone handling patient information, which involves clear policies and procedures for staff to follow to ensure no accidental breaches, preferably integrated into the DLP software in real time. Of course, a DLP plan that employs certain overrides can assist with this – for instance, blocking the download of data via a USB port, if that is appropriate.


Visibility and accountability go hand-in-hand when it comes to overcoming security risks in hospitals, particularly those that are internal malicious threats. Employing a system that clearly identifies and tracks the movement of sensitive data, as well as ensuring that user information is connected to that movement, wards off malicious behavior. If the person wishing to release sensitive data knows that there is a higher likelihood that it could be tracked back to them, they will be less likely to do so.

4. Secure encryption

New healthcare protocols globally, and particularly in the US, mean that it is no longer acceptable for hospitals to not be encrypting their data. In the US, this can mean both civil suits and large fines, sometimes up to $250,000 for the individual responsible. The compliance protocols state that any breach that occurs involving sensitive data that was not protected (encrypted) must be reported to the Department of Health and Human Services. Encrypted data that is breached, however, does not need to be reported and is not penalized. It is viewed that the hospital took the necessary steps with a DLP plan to prevent such an occurrence and is therefore not liable. Investing in encryption is a preventative measure that can significantly reduce large fines and lawsuits.


Hospitals, as we know, are incredibly large institutions and therefore employing a rigorous DLP strategy to meet with compliance requires a huge amount of resource, which often can’t be met in a single financial year. Working with a good DLP company means that you should be able to employ an effective DLP strategy that takes care of the essentials to meet protocols immediately, but can then be scaled up and be fluid enough to change for the upgraded technology that is always occurring in the healthcare industry.

A good DLP strategy is more than just software. Especially when it comes to internal threats, it’s essential that a DLP strategy understands how people think and behave in order to overcome healthcare compliance and security risks. Preventative measures such as encryption and communication can help avoid the accidental breach of data. Clear visibility and accountability can assist in preventing a purposeful and malicious breach, while also ensuring that healthcare compliance protocols are truly met.

Healthcare Industry Data Loss Problems – And Their Easy Solutions

According to a report by the Ponemon Institute, nearly 90% of healthcare organizations suffer data breaches. Internal threats such as mistakes—unintentional employee actions, stolen computing devices—account for nearly half of the data breaches. This statistic certainly serves to show the staggering problems around data loss in the healthcare industry. While the scale of the problem, and therefore the solutions to it, may seem incredibly vast, there are actually strategies healthcare organizations should be implementing in order to combat this high-risk situation.

Why is theft, or loss with malicious intent, so high?

Firstly, medical records can fetch up to 50 times that of credit card records on the black market. While that may seem far-fetched, it’s surprisingly not, given the amount of credibility medical records hold when it comes to identification. Criminals can easily use medical records to fraudulently bill insurance companies, obtain prescription medicine, in addition to other identity theft practices.

The move to digital and the losses that come with it

The digitization of medical records has been seen as a long overdue step by the medical community to reduce mounting hospital administration and provide patients with more reliable diagnoses and care. Proper due diligence isn’t being paid when it comes to data loss protection for a variety of reasons, budgeting, outdated technology and lack of knowledge among them. As a result, breaches into healthcare systems are becoming more and more commonplace, particularly as online criminals become more skillful, as well as hospital staff accidentally releasing sensitive patient information.

The problem areas

Data loss is considered to be one of the most commonplace ways for healthcare organizations to lose a patient’s medical files. The main problem areas include criminal attack, a stolen computing device, unintentional employee action and technical glitches in the system.

The root problem

At the root of these problems are outdated legacy systems and medical devices and poor training in data loss protection. Healthcare organizations have an extremely unique set of challenges when it comes to digitized information. Particularly for hospitals, the scale at which they work is huge. The number of individuals who have files stored on their systems, as well as the number of medical professionals who are not highly skilled in computer literacy, is vast. Combine this with computer systems that need updating and a lack of budget to do so, and it is easy to see why data loss is so prevalent in the healthcare industry.

The solution

The solution to the problem can be simplified into two parts – update computer systems so that strong security measures can be put in place, and implement a data loss prevention strategy across the organization. The first solution requires budget, but it is imperative that this is prioritized. Ransomware and malware are becoming an increasingly prevalent, malicious, and ruthless way of obtaining data. Trends suggest that it will become even more of an issue in coming years and the only way to combat it is through state of the art security measures.

A data loss prevention strategy, while still costly, especially if implementing on a large scale, is more of an upfront cost and a slow burn investment. For healthcare organizations, a data loss prevention strategy is an incredibly cost-effective way to protect against data loss as much of it involves staff onboarding and communication in order to make it work. Of course, software systems need to be installed to protect files, but much of the hard work comes from ensuring that all staff understand what they need to be doing in order to avoid the inadvertent leakage of sensitive information.

With just a quick online search, you can see the mounting concern about protecting patient data in the healthcare industry, and the ever-growing and alarming statistics about how much data is currently being compromised. Healthcare organizations need to reprioritize budget in order to implement easy and effective solutions like state-of-the-art security, and a data loss prevention strategy that has buy-in from staff working both in hospitals and medical centers on network devices, and remotely on mobile.

Best Practices in Securing Healthcare Data


Health is wealth. It is an old saying, but it upholds an important underlying meaning. Consumers spend a great amount of money on wellness, prescriptions, medical examinations, lab tests, various auxiliary health procedures, etc. With this, healthcare organizations have become a repository of vast amounts of sensitive data that these consumers share, making them soft targets for data breaches.

ITRC, Identity Theft Research Center, studied the trends of data breaches and concluded that in 2015, 35.5% of the breaches occurred in the healthcare sector, and 66.7% of the total records that were exposed were from the healthcare industry. ITRC also claims that as of date in 2016, 34.9% of the breaches and 34.6% of the total records compromised are from healthcare; an overwhelming 4 million records have been reported to be affected in just the first few months of 2016.

Zecurion has put together a list of best practices that healthcare organizations are recommended to follow in order to protect themselves from such incidents.

Early Detection through Proactive Monitoring

Having efficient algorithms and rules for the network helps detect early if PHI and PII are being accessed without proper authorization. Many automated tools are available today that can discover any such breach at the initial stage itself, and early detection can thwart data loss incidents.

Towards this, solutions such as Zecurion’s Zgate enable companies to monitor all forms of outbound network traffic and online communications. It also helps identify sensitive information and prevents it from leaving the network. Zgate uses hybrid content analysis – combining digital fingerprints, Bayesian methods, and heuristic detection – to filter outbound traffic and detect confidential data.
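The following sketch is an added example, not Zecurion's code and not a description of how Zgate is implemented. It shows the general idea of combining two of the layers named above: word-shingle fingerprints of a known protected document, plus a pattern heuristic for SSN-shaped numbers (the Bayesian layer is left out). The thresholds, keyword list and all sample texts are constructed assumptions.

```python
import hashlib
import re

SHINGLE_WORDS = 5      # words per fingerprint shingle (assumed tuning value)
MIN_SHINGLE_HITS = 3   # matching shingles needed to treat text as a copy (assumed)

# Heuristic layer: SSN-shaped numbers, skipping values that are never issued
# (area 000, 666 or 900-999, group 00, serial 0000).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Words suggesting the number sits in a patient record (constructed list).
CONTEXT_RE = re.compile(
    r"\b(patient|diagnosis|dob|date of birth|ssn|medicaid)\b", re.I
)


def _words(text):
    """Lower-case and split on non-alphanumerics so reformatting does not hide a copy."""
    return re.findall(r"[a-z0-9]+", text.lower())


def fingerprint(text, k=SHINGLE_WORDS):
    """Return the set of hashes of every k-word window in the text."""
    words = _words(text)
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
        for i in range(len(words) - k + 1)
    }


def inspect(message, protected_fp):
    """Return (verdict, reasons) for one outbound message.

    block  - copied text from a protected document, or an SSN in patient context
    review - an SSN-shaped number with no supporting context
    allow  - nothing matched
    """
    reasons = []
    hits = len(fingerprint(message) & protected_fp)
    copied = hits >= MIN_SHINGLE_HITS
    if copied:
        reasons.append(f"fingerprint:{hits}")
    ssns = SSN_RE.findall(message)
    if ssns:
        reasons.append(f"ssn:{len(ssns)}")
    if copied or (ssns and CONTEXT_RE.search(message)):
        return "block", reasons
    if ssns:
        return "review", reasons
    return "allow", reasons


# --- Constructed sample data (not real records) ---
PROTECTED_DOC = (
    "Discharge summary. Patient was admitted with chest pain and shortness of "
    "breath. Echocardiogram showed reduced ejection fraction. Discharged on "
    "beta blocker and ACE inhibitor with cardiology follow-up in two weeks."
)
MSG_EXCERPT = (
    "fyi -- ECHOCARDIOGRAM showed reduced   ejection fraction; discharged on "
    "beta blocker, and ACE inhibitor. thoughts?"
)
MSG_SSN_CONTEXT = "Patient John Doe, SSN 123-45-6789, DOB 01/02/1970"
MSG_SSN_BARE = "call ref 219-09-9999 tomorrow"
MSG_INVOICE = "Your invoice 000-12-3456 ships Monday"

if __name__ == "__main__":
    fp = fingerprint(PROTECTED_DOC)
    for msg in (MSG_EXCERPT, MSG_SSN_CONTEXT, MSG_SSN_BARE, MSG_INVOICE):
        print(inspect(msg, fp), "<-", msg[:40])
```

The fingerprint layer catches the pasted excerpt even though its case, spacing and punctuation were changed, while the SSN heuristic lets the invoice number through because its leading 000 is not a valid area number.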

Multilayer Security Authentication

Multilayer security authentication is a must. Options for fingerprint, retina test or scanning of a smart card should be added to regular password options to establish the identity of the actual user. The user's role needs to be identified comprehensively, and the extent of authorization should be granted accordingly.

Encryption, Encryption, Encryption

Healthcare servers have vast sources of confidential information stored. Proper encryption of stored data can prevent data loss. Zecurion’s Zserver offers an excellent solution in this context. The solution encrypts information on hard drives, disk arrays and SAN storage using innovative and sophisticated cryptographic techniques. This protects stored information whenever physical control of the media is impossible, whether moving data to the cloud, or in the case of hard drive loss.

Update Security Patches Frequently

Antivirus and firewalls should not be outdated or obsolete. The software should be current and running 24/7 365 days without failure. Still just deploying antivirus is not enough. Securing the endpoints is equally important to prevent data loss.

Set Up Dedicated Risk Assessment Team

The management should have a formal dedicated risk assessment team to look into various techniques, procedures, and access points from where the PHI and/or PII leaves the system. The team may pose as insider threat actors and hackers, play bad cop and come up with customized solutions and risk mitigation plans to protect against breaches.

Implement Incident Response Plan

Drawing up an efficient incident response plan helps in mitigating and containing the aftermath. This is very important for the reputation of the organization. When reputation is at stake, having a robust plan that streamlines what needs to be done, when and how, saves time, money and credibility.


Cyberinsurance is an option that healthcare organizations should consider to offset any financial liabilities that may occur as a result of data breaches.


Data loss prevention solutions are a must-have for healthcare organizations. They should be deployed without hindering or slowing down the access of information to care givers. While there is no fool-proof solution to any breach, it is best to go with the saying “prevention is better than cure”.

Top Breaches in Healthcare in 2015-16


Last week, we read about top breaches in the higher education sector. In this blog, we have identified for you top breaches in the healthcare sector.

  1. Anthem – February 2015 saw the largest healthcare breach of all time, with nearly 80 million records, containing sensitive data, getting affected.
  2. Premera Blue Cross – In March 2015, the Washington-based organization found that its 11 million records were hacked and both medical as well as financial data was breached. FBI investigation concluded that Chinese hackers were involved, as in the case of the Anthem breach. The organization provided two years of free credit monitoring to individuals affected by this incident.
  3. Excellus Blue Cross Blue Shield has been the third largest breach, wherein more than 10 million records were exposed.
  4. UCLA Health, based in Los Angeles, had 4.5 million records exposed in May 2015, as an unauthorized user gained access to classified information.
  5. In Indiana, Medical Informatics Engineering stated that 3.9 million records with Personal Health Information (PHI) fell into the hands of hackers in May 2015. Two years of free credit monitoring has been provided to individuals affected by this incident.
  6. In November 2015, Maine General found that data from its system had been uploaded on an external website. Though the site did not have any sensitive information, it still exposed the vulnerability of healthcare to insider and external threats.
  7. In another incident, Washington State Health Care Authority (HCA) notified that 91,000 Medicaid patient files got mishandled. In this case, an HCA employee was helping an employee of Apple Health, a free healthcare service for low income individuals, with an Excel problem when the information got exchanged inappropriately, which is a clear violation of HIPAA regulation. Though the exposed information was not misused, both the employees were relieved from their jobs and one year of free monitoring was provided.

It is worth mentioning that the Department of Health and Human Services is becoming very vigilant in connection to HIPAA violations. The department is determined and is making sure that healthcare organizations are complying with HIPAA. If in non-compliance, the organizations have to pay hefty fines. Below are some examples of organizations that had to pay heavy fees as a result of non-compliance.

  1. Cancer Care Group, Indianapolis, paid $750,000 as HIPAA settlement.
  2. Lahey paid an exorbitant $850K to DHHS.
  3. Triple-S Management Corporation, however, tops the list by defaulting and paying a fine of $3.5 million.

According to the Office of Civil Rights, there were 253 healthcare breaches in 2015, with a combined loss of over 112 million records. To reinforce the importance of implementing data loss prevention, we have put together a few statistics from Ponemon, an independent researcher, on how vulnerable healthcare is to data breaches.

  1. At least 91% of the healthcare organizations have had one breach.
  2. 39% of the healthcare organizations have faced 2 – 5 breaches.
  3. 40% of the healthcare industries have been exposed to breaches more than 5 times.
  4. Data breaches in healthcare cost nearly $6 billion annually.
  5. Most important of all, non-malicious employee error is the leading reason for the breaches.


In conclusion, we can see how vulnerable our healthcare industry is to data breaches. The need to have robust and agile data loss protection solutions is strong and immediate. Those that are proactive and take adequate measures are bracing themselves for an imminent risk, while others are left behind. Data loss is no more new; it is there and it can strike anytime. Prepare and act now.

2016: Data Breach Statistics*, Year until 02/23/2016

*The ITRC tracks seven categories of data loss methods: Insider Theft, Hacking, Data on the Move, Subcontractor/Third Party, Employee Error/Negligence, Accidental Web/Internet Exposure, and Physical Theft.

The ITRC tracks four types of compromised information: Social Security number, Credit/Debit Card number, Email/Password/User Name, and Protected Health Information (PHI).

Total records exposed only include records for which count is available.

1.7 Million Records Already Breached within Just Two Months of 2016

Zecurion offers deeper insight into selected incidents caused either by accidental or intentional data breaches. With all such incidents, the common elements describing the impact of this growing problem are financial loss, compromised intellectual property and dwindling customer confidence. Let us see how some sectors have been impacted during the first two months of 2016. The excerpts below only provide a glimpse of some of these incidents – the list goes on.


2 February, 2016 – Washington State Health Authority (HCA) has notified that 91,000 records of Apple Health (Medicaid) clients were accessed without any authorization by an employee. Social Security numbers, dates of birth, Apple health client ID numbers and private health information was passed to another state agency’s employee. After internal investigation, it has been established that the classified information did not get beyond these two employees. However, as a precaution free year-long credit monitoring has been offered to the affected people. Both the employees have been fired since the incident came to light.

Source: King 5 News

26 January, 2016 – The County of San Diego has confirmed that the classified records of all the employees were accidentally sent to Wells Fargo as opposed to only those that are set up for Health Savings Accounts with the latter. The County and Wells Fargo are working together to delete unwanted records. A free year-long credit monitoring has been offered to the affected people. The breach is being deemed as an accidental error due to incorrect program code for data transfer by Hewlett-Packard Enterprise Services.

Source: California Attorney General, SC Magazine


25 January, 2016 – Health Equity has informed that an employee sent an email containing personal information including Social Security numbers of its clients to one of their business partners by error. An unknown number of people have been affected and are being given a year of free credit monitoring.

Source: California Attorney General


5 January, 2016 – Southern New Hampshire University (SNHU) has confirmed that due to a configuration error, on part of a third party vendor, the database containing names, email addresses, IDs, course details, scores etc. of its students has been exposed. Reports show that about 140,000 students have been affected due to the breach even though the university has only 70,000 enrollments. It is believed that the discrepancy in numbers may mean that both former and current students have been affected. The investigation is still ongoing.

Source: CSO Online

Zecurion’s Annual Review: 2015 Data Breach Statistics



As we step into 2016, let’s look at the cost of data breach in 2015 and the trends that have impacted it.

Human Error Causes 19% of Data Breaches

Though malicious or criminal attacks are the main contributing factor for data breaches, at almost 49%, negligent employees are responsible for an exorbitant 19% of the breaches, and 32% involved system glitches that include both IT and business process failures.

Average Cost of Breached Record is $217

The average cost per lost or stolen record containing sensitive data is $217 for 2015. There has been a substantial increase of $16 per record breached in comparison to year 2014 which is close to an 8% increase. The average cost of $217 consists of $74 towards direct per capita cost and the remaining $143 towards indirect per capita cost. Direct costs are the costs that the companies spend to minimize the consequences of a data breach and to assist victims. Indirect costs pertain to what the companies spend on existing internal resources to deal with the data breach.

Higher than Average Data Breach Cost for Healthcare, Pharmaceutical, Financial, Energy, Transportation, Communications and Education


Some industrial sectors such as healthcare, pharmaceutical, financial, energy, transportation, communications and education are more prone to breaches and thus have higher data breach costs. They tend to have a per capita data breach cost more than the mean of $217. On the contrary, public sector (government), hospitality and research have a per capita cost well below the overall mean value.

Average Cost per Organization is $4.7 Mn to $11.9 Mn, Depending on Number of Records Breached

The number of breached records per incident in 2015 ranged from 5,655 to 96,550 records. The average number of breached records was 28,070. As the number of lost records increases, so does the cost of data breaches. In 2015, companies that had data breaches involving less than 10,000 records had an average cost of data breach of $4.7 million and the ones with the loss of more than 50,000 records had a cost of data breach of $11.9 million.

Among the number of factors that contribute to increased lost business costs, the significant ones are loss of business, legal services, investigation & forensics, increased customer acquisition activities and diminished goodwill. In order to reduce the cost of data breaches, businesses need to make proactive decisions and make worthwhile investments in various strategies, key being setting up an incident response plan, implementing data loss prevention solutions, planning for business continuity and its management, appointing a CISO with enterprise-wide responsibility and investing in employee training.

2015: Data Breach Stats*, Year until 11/24/2015



No Sector Left Behind – Confidential Data Loss Threat Looms in Some of the Other Forms

Zecurion offers deeper insight into selected incidents caused either by accidental or intentional data breaches. With all such incidents, the common elements describing the impact of this growing problem are financial loss, compromised intellectual property and dwindling customer confidence. Let us see how some sectors have been impacted in the months of September to November of 2015. The excerpts below only provide a glimpse of some of these incidents.

Financial and Insurance Services

2 October 2015 – Schwab Retirement Plan Services Inc. (SRPS), California, notified customers of a data breach that occurred when an email having social security numbers, names, addresses, dates of birth, dates of termination, employment status, division code, marital status and account balance was accidentally sent to a participant in another retirement plan serviced by SRPS.

Source: California Attorney General

25 September 2015 – Bed Bath and Beyond notified customers of a data breach at their New York City location. The breaches happened between March 7 and August 3, 2015, and involved a cashier. The employee has since been removed from the store and customers have been asked to contact their banks for possible credit card theft.

Source: Vermont Attorney General

25 September 2015 – Blue Cross BlueShield of North Carolina notified customers of two data breach incidents. In the first one, one member’s billing invoice information was being printed on the back of another member’s invoice. The information revealed names, addresses, internal BCBSNC account numbers, group numbers, coverage dates and premium amounts. The second breach happened when payment letters included incorrect information and were sent to the wrong members. This information exposed the type of health plan purchased, effective dates, health insurance marketplace identification numbers, payment amounts, telephone numbers and payment identification numbers.

Source: Health IT Security



26 October 2015 – Emergence Health Network notified their patients that the company’s server has been accessed without any authorization. EHN hired the services of a third party vendor to conduct an audit on the server and to find out if the breach affected its 11,100 records. Based on the audit, it was not immediately apparent if any confidential information had been accessed or misused.

Source: Department of Health and Human Services

3 October 2015 – Sentara Heart Hospital, Virginia, notified patients that two portable hard drives containing information such as birthdates, names, diagnoses, types of procedures and other clinical notes were stolen on the weekend of August 14, 2015. About 1,040 records have been affected by this theft.




6 October 2015 – The Lake Norman High School, California, notified its students of a breach when one of its students obtained an administrative password and accessed school without authorization. Seven students have been charged by the Iredell County Sheriff’s Office in this regard. It has been reported that no personal data, testing or grades were accessed. Since then, the school has taken corrective measures to secure the computer system.




18 November 2015 – The office of the Georgia Secretary of State, Brian Kemp, is being sued by two Georgia women who claim that the Secretary’s office released personal information that involves 6 million Georgia voters. 2 separate entities received the files due to a clerical error, and the files included driver’s license information, Social Security numbers and dates of birth. According to the lawsuit, Mr. Kemp’s office never notified individuals regarding the breach, nor did they contact the consumer reporting agencies.


22 October 2015 – The Juvenile Division of the Clerk of Courts of Osceola in Florida erroneously displayed information of juveniles charged in court cases on its official website. Not only were their names displayed, but also their foster system was exposed online via the e-file system. Authorities are investigating the breach and trying to fix the problem. An unknown number of records have been affected because of this.

Source: WFTV Channel

9 October 2015 – The Vacaville Housing Authority (VHA) notified individuals that one of their employees unintentionally sent an email to one person with an attachment containing names and social security numbers of their customers. The person immediately informed the VHA authorities who in turn deleted the email from this person’s computer. As a precaution, VHA has offered free credit monitoring service to the affected customers for 12 months.

Source: California Attorney General



04 November 2015 – Avis Budget Group notified customers of a data breach when the third-party provider that manages their open enrollment process accidentally sent a file to another company that is also their client. The information exposed included names, addresses and Social Security numbers.

Source: California Attorney General

13 October 2015 – Uber’s new app “Uber partner” had a glitch that resulted in a data leak affecting nearly 674 US drivers. The data, exposed for a few hours, included taxi certification forms, driver licenses and W-9 forms with Social Security numbers for cab companies. According to Uber, the data was only visible to logged-in drivers who went to their documents page. Since then, Uber has fixed the issue.

Source: California Attorney General

Safeguarding the Devices can Reduce Data Leaks by Over 40 Percent in Healthcare

Healthcare is the top-most targeted sector for data breaches, accounting for nearly 78 percent of total number of records exposed over January-August 2015. Of all the data breaches in healthcare, 12 percent accounts for intentional insider leaks whereas 17 percent is due to unintentional disclosure. The biggest chunk of 41 percent is attributed to lost or missing devices. Therefore safeguarding just the devices themselves can reduce the threat of data loss significantly.

The following measures can help organizations in safeguarding their devices:

  1. Reporting Loss – The first and foremost step is to report the loss or theft of any such device immediately to the organization so that proper steps can be taken.
  2. Surveillance of Premises – One of the easiest and most widely used methods to avoid any theft is monitoring the workplace by security cameras or electronic log systems of employees. Even if the device or data gets stolen or goes missing, the security equipment will help in recovering it or in identifying the offender.
  3. Educating Employees – Creating security awareness among the employees is another important step in averting potential data thefts. Various programs must be conducted for employees to educate them and make them accountable for devices allocated to them. It should be a continuous process and should be enforced through regular email reminders, desktop screen savers, placards on the walls, etc.
  4. Data Management – It has two components – documenting data storage and removing unwanted information. Data should be stored in a methodical way by defining class of data with proper labelling of sensitive information. Another important aspect is to clean unwanted and duplicate files from the system to reduce the chances of data loss.

Apart from safeguarding devices, companies should also secure them so that in case of any unexpected loss, they are prepared to deal with the ensuing data loss. The following measures could help a company in dealing with data stored in lost devices in a more effective way:

  1. Data Encryption – This can be achieved by encrypting the data on portable devices and disabling the transfer of any information from these devices to any other device. Technologies such as on-the-fly encryption, redaction, DLP (Data Loss Prevention) solution and DRM (Digital Rights Management) on sensitive data are some of the ways for enhancing data protection.
  2. Geo-fencing – Geo-fencing is a kind of virtual barrier that uses Global Positioning System (GPS) to define the geographical boundary for any portable device. Once outside the boundary, data inside that particular device cannot be accessed. It also helps in recovering the lost device.
  3. Remote Wipe – With the help of the right set of tools, the information stored in stolen devices can be partly or totally wiped remotely.

It is imperative to change the outlook of healthcare companies to focus equally on both devices and the data stored inside them. Measures for device safety and for data loss prevention should be planned proactively.