Six tips for improving data security in the healthcare sector

23 Jul 18

Digitisation has transformed the healthcare industry and been the catalyst for significant improvements in patient care, but keeping sensitive data safe is an ongoing challenge for the sector.

The stakes are high, given that healthcare records typically contain a wealth of data of the kind that can be used to perpetrate identity fraud. Records trade at a premium on the black market, providing hackers with a healthy incentive to target practices and service providers.

Security breaches and incidents occur frequently

Collectively, healthcare providers reported more data breaches than any other sector in the first quarter of 2018. They accounted for an extraordinary 24 per cent of all notifications, according to the Office of the Australian Information Commissioner (OAIC), the federal agency responsible for administering privacy and information management policy in this country.

There are many measures healthcare providers can employ to better protect patient records and other sensitive information in their possession. Here are six ways to tighten your security set-up.

Undertake a security audit

Evaluating all the systems and processes within your service or practice can help you get a better handle on the risks you face and identify potential points of vulnerability.

It’s important to do this from a business as well as a technical perspective. Responsibility for data breaches rests with senior management and the OAIC can impose stiff penalties on organisations which fail to report and remediate them in a timely manner. Data breaches can also result in significant reputational damage and a resultant impact on the bottom line.

Check your tools

Using the latest and highest quality equipment has always stood the healthcare profession in good stead. Ensuring your cyber-security tools are up-to-date is equally important. Professional advice may help you to determine whether the measures and software you have in place are providing appropriate protection or if your defences need to be bolstered further.

Check the channels of communication

It’s common for data to be lost or compromised while it’s in transit. Examining the communication methods and channels used by staff – internally and externally – can help you identify possible points of weakness, such as insecure file sharing services. Putting measures in place to ensure employees only use secure channels will reduce the risk of data being lost, leaked or infiltrated.

Educate staff

The majority of data breaches are not caused by deliberate or malicious action. They’re the result of ignorance, carelessness and human error – anything from clicking on phishing emails to leaving an unencrypted laptop on a train or in the back of a taxi.

Ongoing education is the sine qua non of the healthcare profession and this should extend to your organisation’s ICT operations. Conducting regular cyber-security training sessions can help employees understand the risks being faced and the practical steps they can take to ameliorate them. Prevention is better than cure – and ensuring your whole team is alert to the possibility of a cyber breach or attack is the most effective way to lower your risk.

Find an email alternative

Email is a widely used business tool but it remains an insecure way of exchanging the sensitive data that’s routinely handled by healthcare providers. A secure file sharing platform is a more robust alternative and should be used to replace other insecure data sharing practices, such as loading files onto USB drives.

Safe storage

Data sovereignty is becoming an increasingly important issue and knowing where your data files are stored is vital. While most are likely to be on internal servers, some may be kept on cloud-based platforms or on systems owned by third parties. Reviewing these locations and halting the use of those which are deemed to be insecure will reduce the chance of sensitive files being compromised.

Article by Dekko Secure managing director Jacqui Nelson.
