Preventing Data Breaches: What Can Healthcare Organizations Do?

Updated on June 5, 2019

Last year, healthcare was the leading industry for cyber attacks and data breaches, making up 41% of all cyber incidents. Ransomware can be devastating: in 2018, the billing vendor AccuDoc Solutions earned an inglorious record by enabling the hacking of 2.65 million patients' data.

Whether healthcare organizations are just starting to move away from paper documents or already run on digital data, they must make data security their number one priority. Three fundamental questions can help them minimize risks:

1. What are the organizational needs and expectations?

2. What is the state of the infrastructure and IT set-ups?

3. Who is responsible for accessing, collecting, and storing the data?

Organizational Needs & Expectations

When reassessing their data policy, healthcare operators should develop a comprehensive game plan. Knowing exactly what data is to be collected, where it comes from, and how it is collected leads to the design of forms that exactly match the organizational needs.

This usually depends on the security framework each institution decides to pursue. Many healthcare organizations aim to comply with HIPAA regulations, and they need to protect data including patient name, birthday, medical history, address, contact information, IDs, and medical and social insurance details.

Such a vast amount of information requires that each organization be clear on how it collects and protects it. In security, being proactive and having visibility into the environment pays off. No potential issue should be ignored, whether it’s an outdated network or an unlocked PC in a small office.

Infrastructure & Set-up

Building a strong infrastructure is key, but the equipment distribution must be well managed. Computer screens, copy machines, and fax machines must be placed out of the reach of unauthorized individuals, and hardware in common areas must be protected against theft or unwarranted access.

Software set-ups require careful attention. While encryption should be first on the agenda, there is much more to consider. Some set-ups can help maintain a current inventory of the devices on the network, notify when new devices are added, control what those devices are sending, and identify whether or not it is safe.

Storing data is another challenge. The most recommended strategies include cloud solutions or external servers. CRM solutions, such as Salesforce, have a great benefit. For example, each time a patient fills in the form, all the data gets automatically updated, resulting in the creation of a comprehensive database.

It is becoming increasingly common for healthcare personnel to use mobile devices to access work-related data. Whenever employees can access sensitive information from their personal gadgets, providers need to ensure that it’s done in a secure way by taking certain measures, such as being able to remotely wipe and lock lost or stolen devices.

While having a strong hardware and software set-up in place is key, it is crucial to maintain these systems so that they remain fully effective. Updating software to its newest version is fundamental: the mass WannaCry attack on the British NHS was enabled through a known vulnerability found in earlier versions of Windows.

Responsible Personnel

No matter how flawless a set-up is, in the end it always comes down to the human factor. Digital technology may seem daunting, so healthcare providers must become IT literate and understand the benefits digitization brings.

Staff are always more likely to manage data efficiently if they are familiar with the processes and the advantages they bring. For that reason, the system should be simplified as much as possible to make employees embrace it and work with it willingly, rather than see it as an imposed tool to complicate their lives.

Security awareness campaigns are an inexpensive way to strengthen data protection. For example, while password policies may seem basic, they can go a long way. Staff should be encouraged to develop strong passwords and change them frequently to prevent hacker attacks with automated tools. The best way to keep track of this is to set an organizational reminder for changing passwords once every term.

Hospitals and clinics are increasingly turning towards digitization to optimize their operations and welcome in the fourth industrial revolution. Digital security must go hand in hand with this process.

Florin Cornianu is co-founder and CEO of 123 Form Builder.