[BreachExchange] Keeping patient data secure in the age of information overload

Audrey McNeil audrey at riskbasedsecurity.com
Thu Feb 23 20:10:39 EST 2017


http://www.beckershospitalreview.com/healthcare-information-technology/keeping-patient-data-secure-in-the-age-of-information-overload.html

The days of paper medical records are long gone. We've entered an era where
doctors and healthcare providers can have your personal information at
their disposal in a matter of seconds. Sounds great, right? It should be.

But while this quick transfer of data saves time and improves patient care,
the information is highly sensitive, and can be damaging in the wrong hands.

Protecting patient data is a very serious issue, and one that vendors and
partners should take as such. The healthcare industry has become one of the
most lucrative targets for cybercriminals. Ignoring this fact can result in
a loss in trust and patient loyalty when a nearly inevitable data breach
occurs.

We need to take a step back and look at the complexities around how data is
entered, stored and preserved within healthcare organizations. This, in
turn, will allow us to understand how vendors and partners can provide the
level of data protection patients expect.

The Influx of Patient Data
When injuries happen or you fall ill, data is collected. Your digital
patient folder will continue to grow between scheduling appointments,
entering personal and medical insurance information, or testing your
vitals. But it doesn't stop within the four walls of the hospital. If you
need an MRI or a prescription, medical records are sent electronically to
another healthcare facility or pharmacy.

From just one visit, medical information can be passed through scheduling,
EHR, PACS, prescription systems, a population health database, and more.
What does this mean? It means that not only has your information been
recorded and stored in these distributed systems once, but multiple times
for backup recovery purposes. And the number will only increase. Copies of
your medical records will continue to grow over time with system upgrades,
refreshes, testing and development.

Is Peace of Mind Achievable?
The more patients a healthcare facility sees, the more data there is to be
stored, monitored, updated and protected. How do you know that between all
of these patients some of the information isn't getting lost or taken? Was
the information encrypted as it traveled to and from production to
reporting? And, who determines which information is more heavily
safeguarded?

Last year, the healthcare sector reported the second largest quantity of
data breaches, accounting for 34.5 percent of all breaches in 2016. In
these instances, most errors were found to be made by employees, with 4
million records being exposed as a result of human error. Additionally, the
average rate for individual medical records on the black market in 2016
reached $355 – higher than the price of data from any other industry. This
is a terrifying statistic, and one that explains why healthcare is the
industry most targeted by hackers.

As the influx of data grows rapidly and security concerns rise, it's hard
to know if your data is being taken care of with the
same attentiveness as your health. The number of breaches in 2016 alone
doesn't offer any peace of mind, and it's safe to assume the frequency of
attacks will only increase this year.

The Health Insurance Portability and Accountability Act (HIPAA) and the
privacy protections it outlines – along with other federal, state and local
regulations – intend to protect the patient through fines and personal
accountability of healthcare providers and organizations. While this
provides an incentive and guidelines, it doesn't provide the means. This is
a necessary step to bolstering data protection, but vendors are in a
position to help as well. Traditional approaches and technologies are
costly (uplift for encryption cards, licenses or self-encrypting drives),
highly complicated and inconsistent. As such, healthcare organizations,
vendors and partners need to take the necessary steps to develop and
implement modern infrastructure for data protection and storage that
removes the uplift cost, eliminates complexity and extends protection and
reliability throughout the data lifecycle.

Trust breeds patient loyalty. HIPAA compliance, reliability and protection
throughout the data lifecycle can help bring peace of mind to hospitals,
and ultimately the patients they serve. Because, once everything is said
and done, the cost of fortifying against a data breach is minuscule when
compared to the damages a security incident can cause – meaning it's in
everyone's best interest to ensure data remains out of the hands of
malicious parties.