This article was first published in the Summer 2015 issue of OnWindows
Healthcare providers are prime targets for cyber criminals. Not only do private health and insurance organisations store lucrative personal financial data, but many healthcare institutions also lack the security layers needed to prevent sensitive patient data from being transmitted and exposed.
Cyber attacks have more than doubled since 2010 and are now the most common cause of healthcare data breaches. For example, three major US health insurance companies have reported computer system breaches in 2015, while UK civil liberties and privacy group Big Brother Watch has claimed that confidential patient records are lost or inappropriately shared by the UK’s National Health Service employees around six times per day.
Although Ponemon Institute’s fifth annual survey on healthcare data security highlighted that only 40% of healthcare organisations are concerned about cyber attackers, it also indicated that the repercussions of data breaches can be highly detrimental. On average, data breaches can cost healthcare organisations around £1.5 million, when they factor in the expense of notifying and compensating victims, potential government fines and the cost of upgrading their security systems.
Faced with pressure to improve the quality of patient care and operational efficiency, many hospital organisations are investing in mobile workforces and external contractors, which poses new data security risks. Remote employees using malware-infected or incorrectly encrypted devices to access sensitive patient data may expose networks, applications and databases to hacking and data theft, particularly if these devices are lost or stolen. Meanwhile, internal staff and external contractors and business partners may not always adhere to the provider’s security protocols, which results in compliance violations.
Despite these risks, many healthcare organisations have not updated security practices to block attacks and protect patient data. To do so easily, they need to adopt centralised management platforms, strengthen identity and policy-based data management procedures, and schedule regular security assessments.
Solutions such as Imation’s IronKey flash drives can also ensure that all mobile devices and desktops are sufficiently encrypted. For example, an acute hospital care provider based in the UK implemented Imation’s IronKey flash drives to encrypt all mobile devices, so that private health data is not lost when the devices are removed from the premises. The institution can also use the drives to manage data storage devices from the cloud, or destroy them remotely if they are lost.
Now is the time for health organisations to take control of data security and compliance. Otherwise, they risk expensive fines and a damaged reputation as another data breach statistic.
Nicholas Banks is vice president of EMEA and APAC sales for Imation’s IronKey solutions