Health is wealth. An old saying but it upholds an important underlying meaning. Consumers spend a great amount of money on wellness, prescriptions, medical examinations, lab tests, various auxiliary health procedures etc. With this, healthcare organizations have become a repository of vast amounts of sensitive data that these consumers share, making them soft targets for data beaches.
ITRC, Identity Theft Research Center, studied the trends of data breaches and concluded that in 2015, 35.5% of the breaches occurred in the healthcare sector. And 66.7% of the total records that were exposed were from healthcare industry. ITRC also claims that as of date in 2016, 34.9% of the breaches and 34.6% of the total records compromised are from healthcare; an overwhelming 4 million records have been reported to be affected in just the first few months of 2016.
Zecurion has put together a list of best practices that healthcare organizations are recommended to follow in order to protect themselves from such incidents.
Early Detection through Proactive Monitoring
Having efficient algorithms and rules for the network helps detect early if PHI and PII is being accessed without proper authorization. Many automated tools are available today that can discover any such breach at the initial stage itself. And early detection can thwart data loss incidents.
Towards this, solutions such as Zecurion’s Zgate enable companies to monitor all forms of outbound network traffic and online communications. It also helps identify sensitive information and prevents it from leaving the network. Zgate uses hybrid content analysis – combining digital fingerprints, Bayesian methods, and heuristic detection – to filter outbound traffic and detect confidential data.
Multilayer Security Authentication
Multilayer security authentication is a must. Options for finger print, retina test or scanning of a smart card should be added to regular password options to establish identity of the actual user. User role needs to be identified comprehensively, and accordingly the extent of authorization should be granted.
Encryption, Encryption, Encryption
Healthcare servers have vast sources of confidential information stored. Proper encryption of stored data can prevent data loss. Zecurion’s Zserver offers an excellent solution in this context. The solution encrypts information on hard drives, disk arrays and SAN storage using innovative and sophisticated cryptographic techniques. This protects stored information whenever physical control of the media is impossible, whether moving data to the cloud, or in the case of hard drive loss.
Update Security Patches Frequently
Antivirus and firewalls should not be outdated or obsolete. The software should be current and running 24/7 365 days without failure. Still just deploying antivirus is not enough. Securing the endpoints is equally important to prevent data loss.
Set Up Dedicated Risk Assessment Team
The management should have a formal dedicated risk assessment team to look into various techniques, procedures, and access points from where the PHI and/ or PII leaves the system. The team may pose as insider threat actors and hackers, play bad cop and come up with customized solutions and risk mitigation plans to protect against breaches.
Implement Incident Response Plan
Drawing up an efficient incident response plan helps in mitigating and containing the aftermath. This is very important for the reputation of the organization. When reputation is at stake, having a robust plan that streamlines what needs to be done, when and how, saves time, money and credibility.
Cyberinsurance is an option that healthcare organizations should consider to offset any financial liabilities that may occur as a result of data breaches.
Data loss prevention solutions are a must-have for healthcare organizations. They should be deployed without hindering or slowing down the access of information to care givers. While there is no fool-proof solution to any breach, it is best to go with the saying “prevention is better than cure”.