Healthcare is data. To effectively treat patients and create new forms of care, information must be shared, analyzed, and transmitted across several devices, among a number of healthcare professionals, insurance providers and other third parties. The sensitive nature of this personal information has long made healthcare an attractive target for cyber criminals, while the complex nature of the industry creates continued struggles to protect the data, as frequent data breach headlines point out.
One new study points to healthcare as the worst offender when it comes to external security posture. Researchers found the industry has the highest level of severe external security posture issues, which they define as out-of-date software, insecure protocols, misconfiguration, and password flaws.
While this is a serious situation, protecting healthcare data doesn’t have to be a losing battle. Digital care models can be secured, but doing so requires continuous vigilance and data protection across every endpoint. To improve your security posture, start with these 7 basic steps:
- Pinpoint every device (laptop, desktop, tablet, and mobile phone) that has access to PHI.
- Identify unauthorized sharing and cloud storage apps on all endpoints.
- Deploy a minimum of 128-bit encryption on every device—especially on those with access to PHI.
- Use a persistent connection to devices, extract asset intelligence, and validate that data protection is always running. This is good due diligence and it satisfies the HIPAA Security Rule.
- Benchmark each endpoint’s cyber hygiene and security posture to align with changing requirements of HIPAA Privacy and Security Rules.
- Implement remote command capabilities, such as data delete, data retrieval, device freeze, and forensics in the event of security incidents or exposures.
- Learn from other organizations that have experienced a data breach. Review these scenarios and make relevant adjustments to ensure you don’t suffer a similar fate.
Comprehensive asset intelligence, automated endpoint hygiene, and continuous compliance give healthcare IT and security teams the tools they need to succeed in the digital care frontier. I talked more about these steps along with lessons learned from those who have suffered a breach with Dave Shackleford of the SANS Institute in a recent webinar.
Listen to our archived version, 7 Steps to Protecting Data in the Era of Digital Care.