Healthcare Organizations Need to Check out their Security Posture
Interconnected digital health records are essential for healthcare companies to bring advanced benefits to their patients and customers, but the probability to lose data influencing vast numbers of people is great if organizations overlook data security measures. PHI (Protected Health Information) and PII (Personally Identifiable Information) like Social Security Number, Healthcare ID Number, Address, Birth Date, and Payment Information can be worth millions on the 'Dark Web'.
Healthcare has the second highest number of breaches following financial services, according to Verizon's Data Breach Investigations Report. The latest HIPAA data breaches figures show that last year the number of patient records exposed to attacks tripled. The statistics show that over the past four quarters a staggering 15 million records were exposed with the number rising every quarter, from just over 1 million records in Q1 to over 6 million records in Q4. The overall number of breaches was 503, the highest number recorded to date.
Check out: Top EMR/EHR Companies
Data should be encrypted, both in static condition or transit. Data encryption prevents access to attackers who manage to breach other defenses and launch man-in-the-middle attacks. Data backups are essential in the fight against aggressive attacks using ransomware. After a successful ransomware attack, the only way to return systems and devices to normal is to restore them from a clean backup. Save business, medical, device, email, and other data on a regular schedule and maintain backups at multiple physical locations.
HIPAA, as well as other regulations, necessitate a disaster recovery plan for healthcare organizations and they need to act swiftly when a breach is found. They should have an action plan even if specific circumstances prevent it. Infringements of HIPAA guidelines and loss of consumer confidence can hurt business both in the short and long term. Loss of healthcare data is no longer a black swan moment and poses a high risk to both organizations and patients. Prevention is something every healthcare organization needs to be concerned about, with insider threats and malicious actors being the primary causes of data loss.
By Tom Conophy, CIO, Staples Inc.
By Joe Touey, SVP, GSK North America Pharmaceuticals IT
By Eric Tamblyn, Global VP-Guru Managed Services, Genesys
By Charlie Isaacs, CTO, IoT, Salesforce
By Jonathan Rosenberg, VP & CTO, Collaboration, Cisco
By Dave Doyle, CIO & SVP, IT, Regal Entertainment Group
By Jeffrey Keisling, CIO and SVP, Pfizer
By Colin Boyd, VP & CIO, Joy Global Inc
By George Hines, CIO, Massage Envy
By Mark Jacobsohn, SVP, Booz Allen Hamilton
By Mike Gioja, CIO and SVP of IT, Product Management and...
By Nathan Johnson, SVP and CIO, Werner Enterprises [NASDAQ:...
By Darrell Edwards, SVP and Chief Supply Chain Officer,...
By Hannah Datz, VP Retail North America, SAP Hybris
By Marc Kermisch, VP & CIO, Red Wing Shoe Co.
By Robert Garrison, CIO, DTCC
By Mike Sakamoto, CTO, California Department of Health Care...
By Bradley Peterson, EVP & CIO, NASDAQ
By Steve Betts, SVP and CIO, Blue Cross and Blue Shield and...
By Kathryn Kai-ling (Ho) Frederick, EVP, Growth & Insights,...