There was a time when protecting electronic health care data focused on network controls to monitor and control incoming and outgoing network traffic. IT teams put up walls with controlled access points, and with each shift in technology, new walls were raised. The rise in mobility, the cloud, and the Internet of Things has challenged this perimeter-based security mentality. With data now spread across millions of access points that extend beyond the network, the walled approach to data security is crumbling. For all organizations, it’s time to find a new way to think about data security.
Healthcare organizations were responsible for 67% of all breached data in 2015, remaining the top target for data theft because of the vast stores of high-value data they currently collect. As a prime target for data theft, healthcare organizations in particular need to rethink data security in order to stop data from hemorrhaging through the gaps in data protection that the walled approach to data security created. In a post on For the Record, I talk about Rethinking Health Care Data Security from the Inside Out.
Healthcare networks, often comprising thousands of providers, contractors, and vendors, face unique challenges in data protection, complicated by the use of cloud storage and mobile devices across the board. With EHRs being accessed by a highly mobile workforce, healthcare faces the challenge of protecting an enormous attack surface, where a single mistake could lead to a very costly data breach. A report published in JAMA suggests that 80% of healthcare breaches can be tied back to poor data hygiene such as authentication, encryption, or the storage of information on endpoint devices.
In my article, I talk about how putting “walls” on the endpoint (such as encryption or antivirus) is not enough, particularly when reports indicate many health care organizations fail to protect the endpoint at all. With the current approach, data breaches are going to continue to increase. The focus needs to shift to a posture that focuses on the inside, on the data. A data-centric posture protects data from the inside out, allowing for a scalable approach that enables new technologies to emerge without compromising the foundation of data security.
In the article, I talk about how to implement a data-centric security strategy by:
- Defining your data
- Limiting access to data
- Layering technologies that protect data
- Setting up automated monitoring and controls
- Having a data breach response plan in place
- Automating patching and upgrades
The healthcare industry faces some of the steepest data security challenges, with networks that contain many systems and new devices going online every day. Changing the focus from perimeter security to data-centric security will allow organizations to scale technology solutions more effectively without impeding the advancement that EHRs and new medical technologies bring to the table.
Absolute DDS for Healthcare provides valuable insight into all of your endpoints and the data they contain, so you can have accurate information on your fleet of devices, with alerts for events and activities that could be precursors to a security incident. Absolute DDS for Healthcare is a comprehensive onboarding program which pairs our highest level of endpoint security with expert forensic support to respond to and contain security incidents. Learn more at Absolute.com.