Source: HIT Consultant | May 30, 2016
2015 was unsurprisingly the year with the highest-profile healthcare data breaches to date. With more and more patient information being transferred and stored digitally, it’s a trend likely to continue for many years to come. Clinics, doctors’ offices, insurers and hospitals, however, are equally increasing their measures in fighting back.
Similar to money and jewels, no data is completely immune from unauthorized access so long as legitimate access is granted to specific people. That doesn’t mean systems can’t attain near 99.9% success. To achieve it, healthcare providers are adhering to the following measures:
1. Keep business associates in line: Medical providers depend on a large network of companies and services to have the tools and means to deliver successful treatments and cures. Many of the immediate business associates of clinics, doctors, and hospitals must be held accountable for the safety and security of data. This is achieved through relevant business associate agreements.
2. Separate wireless networks: It may sound obvious to someone “tech-savvy,” but it’s surprising how many healthcare providers (usually smaller clinics and offices) let visitors use the same wireless network the staff operate on when entering, saving, and sending patient information. Creating dual wireless networks, one for folks in the waiting room and the other for staff, is a simple way to guard against data breaches.
3. Beef up network security: Limiting access to the network via subnetworks, while effective in preventing local cyber attacks, isn’t as effective in preventing attacks coming from the outside. Patient data should be covered by a company-grade advanced network security system designed to swiftly detect indicators of compromise.
Targeted attacks tend to be sophisticated; unauthorized users will test the waters before diving in. Advanced network security systems are able to sense these probes and initiate a rapid response before the attack itself even starts.
4. Conduct (mandatory) HIPAA security risk analysis every year: In accordance with government regulations, healthcare providers are required to submit their systems to an annual security evaluation. In fact, with today’s increasingly sophisticated cyber attack strategies, it may soon be good policy to commit to an assessment every nine months.
The intention of this seemingly intrusive audit is to make otherwise healthcare-focused professionals face the facts about potential threats to their IT systems.
5. Make sure employees are up-to-date with HIPAA regulations: Healthcare providers depend on numerous staff to carry out the seemingly menial tasks on which the entire system depends in order to function. Each of these staff members is a potential target for one of the most common tactics in the pursuit of data: social engineering.
Someone on the phone pretending to be a patient or physician may turn out to be someone else entirely, a fact which can be uncovered if patient privacy protocol is followed. Knowing the rules starts with learning them.
Patient data breaches in the healthcare industry are going to increase in occurrence, but the countermeasures providers are putting in place strengthen their responses. No security system can guarantee 100% success, but reducing the ease of unauthorized access is how providers can approach an ideal state of patient data protection.