According to a slideshow recently published in IT Business Edge, breaches within healthcare organizations hit an all-time high in 2015. With healthcare records growing in value, cybercriminals have realized they can get a quick payout by hacking this confidential information and selling it to other malicious actors or groups.
Healthcare organizations have become easy targets because they tend to place more emphasis on compliance than on important security measures. Meeting the letter of the law does not mean you are safe and secure. Imagine if your doctor did only the bare minimum during surgery to comply with a textbook procedure, rather than actually finishing the job.
I’ve outlined 5 steps every healthcare organization can take to ensure better security of sensitive patient data:
- Always encrypt sensitive health data and files, especially when you share them through file shares and when they are in storage.
- Stewards of health data need to control which employees can access the information and what they are allowed to do with it.
- Do not simply rely on perimeter security tools – create a PHI off switch that allows the organization to render PHI useless as needed. The switch makes PHI immediately unavailable to users on or off the network.
- Implement a data-centric approach and place security above compliance. In today’s sophisticated threat environment, it is crucial to focus on protecting the data, not just the system where it lives.
- Use a data security framework to monitor PHI, control access to PHI, and identify where it is located within the system.
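One way the access-control, off-switch and monitoring steps above can fit together, as an added example that is not from the original post: a key-release service that clients must consult every time they open an encrypted PHI file. The `KeyBroker` class, its policy table, and the user and file names are hypothetical; the example assumes each file is encrypted under its own key with a standard authenticated cipher, which is not shown.

```python
import secrets
from datetime import datetime, timezone


class KeyBroker:
    """Hypothetical key-release service. PHI files are assumed to be stored
    encrypted under a per-record key; clients ask for that key on every open."""

    def __init__(self, policy):
        self.policy = policy        # {user: set of allowed actions}
        self.keys = {}              # {record_id: 256-bit data key}
        self.phi_enabled = True     # the "off switch"
        self.audit = []             # one entry per request, allowed or denied

    def register(self, record_id):
        # Generate the data key here so it only leaves via request_key().
        self.keys[record_id] = secrets.token_bytes(32)

    def switch_off(self):
        # Stops all key release at once, for users on or off the network.
        self.phi_enabled = False

    def request_key(self, user, action, record_id):
        if not self.phi_enabled:
            decision = "denied:off-switch"
        elif record_id not in self.keys:
            decision = "denied:unknown-record"
        elif action not in self.policy.get(user, set()):
            decision = "denied:policy"
        else:
            decision = "allowed"
        when = datetime.now(timezone.utc).isoformat()
        self.audit.append((when, user, action, record_id, decision))
        return self.keys[record_id] if decision == "allowed" else None

    def decisions(self):
        # Monitoring view: who asked to do what to which record, and the outcome.
        return [(u, a, r, d) for _, u, a, r, d in self.audit]


def demo():
    # Constructed sample policy, users and file name.
    broker = KeyBroker({"dr_lee": {"view", "print"}, "billing_kim": {"view"}})
    broker.register("patient-0001.pdf")
    before = broker.request_key("dr_lee", "print", "patient-0001.pdf")
    blocked = broker.request_key("billing_kim", "print", "patient-0001.pdf")
    broker.switch_off()
    after = broker.request_key("dr_lee", "view", "patient-0001.pdf")
    return before, blocked, after, broker.decisions()
```

The switch only holds if clients never cache released keys or decrypted copies; anything decrypted and saved in the clear before the switch is thrown is outside its reach.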
Photo credit Army Medicine