SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Six tips for improving data security in the healthcare sector
Mon, 23rd Jul 2018

Digitisation has transformed the healthcare industry and been the catalyst for significant improvements in patient care, but keeping sensitive data safe is an ongoing challenge for the sector.

The stakes are high, given that healthcare records typically contain a wealth of data of the kind that can be used to perpetrate identity fraud. Records trade at a premium on the black market, providing hackers with a healthy incentive to target practices and service providers.

Security breaches and incidents occur frequently

Collectively, healthcare providers reported more data breaches than any other sector in the first quarter of 2018. They accounted for an extraordinary 24 per cent of all notifications, according to the Office of the Australian Information Commissioner (OAIC), the federal agency responsible for administering privacy and information management policy in this country.

There are many measures healthcare providers can employ to better protect patient records and other sensitive information in their possession. Here are six ways to tighten your security set-up.

Undertake a security audit

Evaluating all the systems and processes within your service or practice can help you get a better handle on the risks you face and identify potential points of vulnerability.

It's important to do this from a business as well as a technical perspective. Responsibility for data breaches rests with senior management and the OAIC can impose stiff penalties on organisations which fail to report and remediate them in a timely manner. Data breaches can also result in significant reputational damage and a resultant impact on the bottom line.

Check your tools

Using the latest and highest quality equipment has always stood the healthcare profession in good stead. Ensuring your cyber-security tools are up-to-date is equally important. Professional advice may help you to determine whether the measures and software you have in place are providing appropriate protection or if your defences need to be bolstered further.

Check the channels of communication

It's common for data to be lost or compromised while it's in transit. Examining the communication methods and channels used by staff – internally and externally – can help you identify possible points of weakness, such as insecure file sharing services. Putting measures in place to ensure employees only use secure channels will reduce the risk of data being lost, leaked or infiltrated.

Educate staff

The majority of data breaches are not caused by deliberate or malicious action. They're the result of ignorance, carelessness and human error – anything from clicking on phishing emails to leaving an unencrypted laptop on a train or in the back of a taxi.

Ongoing education is the sine qua non of the healthcare profession and this should extend to your organisation's ICT operations. Conducting regular cyber-security training sessions can help employees understand the risks being faced and the practical steps they can take to ameliorate them. Prevention is better than cure – and ensuring your whole team is alert to the possibility of a cyber breach or attack is the most effective way to lower your risk.

Find an email alternative

Email is a widely used business tool but it remains an insecure way of exchanging the sensitive data that's routinely handled by healthcare providers. A secure file sharing platform is a more robust alternative and should be used to replace other insecure data sharing practices, such as loading files onto USB drives.

Safe storage

Data sovereignty is becoming an increasingly important issue and knowing where your data files are stored is vital. While most are likely to be on internal servers, some may be kept on cloud-based platforms or on systems owned by third parties. Reviewing these locations and halting the use of those which are deemed to be insecure will reduce the chance of sensitive files being compromised.