Patient data is without a doubt a gold mine for hackers and cyber criminals: electronic health records (EHRs) contain personal information such as demographics, billing information, medical histories, lab results and more. Today EHRs are usually stored on multiple platforms and systems, making patient data that much more vulnerable. Collaborative care makes things more complex still, as data may travel between different systems and devices, increasing the opportunity for patient data loss.
According to IBM’s 2016 Cyber Security Intelligence Index, healthcare organizations are now among those most frequently attacked. In February 2016, the Department of Health and Human Services (HHS) reported nearly 112 million individuals had been affected by protected health information breaches – more than 60 times the 1.8 million impacted in 2014.
Earlier this year, HHS asked healthcare organizations to tighten up EHR security as they began experiencing “persistent and evolving threats” from attackers. Marques Murray, senior security architect at Merlin International, pointed out, “For a long time there simply wasn’t a security culture in healthcare. It really began in earnest some eight years ago when the Defense Department mandated that contracted commercial healthcare vendors implement DoD security standards.” According to Murray, HIPAA “set the tone” for healthcare security and organizations are now beginning to take extra measures to protect themselves.
Healthcare institutions are embracing security measures like encryption, both for data at rest and in flight, which David LaBrosse, Strategic Partner Manager, Healthcare Data Management Solutions at NetApp, says “has come a long way”. LaBrosse believes “some of the challenges organizations face is whether or not encryption is the right fit — or is easy to manage.” He says, “At NetApp, we offer a variety of encryption options to address data at rest and in transit requirements. We have also made it easier for customers to manage the encryption solution.”
Multi-factor authentication is also gaining traction within the healthcare industry, even though many doctors and providers initially shied away from it because of the additional time it takes to enter extra codes and passwords. Many doctors feel that in emergency situations time is critical, so extra security measures must be as efficient as possible. That said, LaBrosse believes that “multi-factor authentication will become more user friendly” in the future, “and, with the proper security training, the log-in time can be reduced.” At the end of the day, there may not be any other alternatives when it comes to extra protection for patient data, and encryption, along with security deployed at the network access level, is likely the way to go now. As Murray says, “You want to put a gate around that personal information. That is by far the biggest driver for security.”