This document discusses enhancing data security in healthcare by closing gaps in unsecured communications. It notes that healthcare is one of the most vulnerable industries to cyberattacks, with many recent breaches exposing patient data. While security is important, many healthcare companies are unprepared for attacks and share large amounts of data via unsecured methods. The document provides recommendations on keeping security plans updated through educated employees, tight processes, and the right technology like encryption, firewalls, and data loss prevention. It emphasizes defining a data strategy, implementing policies and layers of security tools, training end users, and developing business continuity plans to protect patient data.
WHAT’S THE PROBLEM?
Healthcare is one of the top 4 most vulnerable industries to cyberattacks [1]
• Patient data exposed for over a month due to major Medicaid and Affordable Care Act insurer breach
• 300K records breached in ransomware attack on Pennsylvania-based health care group
• Virginia-based health system data breach affects 650K patients after vendor inadvertently made PHI accessible online
• U.S. healthcare cyberattacks increased 63% last year [1]
[1] Source: The Merkle
[2] Source: Becker's Hospital Review
SECURITY IS MORE IMPORTANT THAN EVER
• 39% of healthcare companies aren’t prepared for a cyberattack [1]
• 1/3 of hospital CIOs estimate more than 20% of data is shared via unsecured methods [2]
Healthcare is one of the most vulnerable industries. Why?
• “The sensitivity of health-related information and large number of data touch points” [3]
• “46% admit employees were not following policies for securing devices” [4]
[1] Source: The Merkle
[2] Source: Spok 2017 CHIME Survey
[3] Source: Health IT Security
[4] Source: Healthcare IT News
KEEP YOUR SECURITY PLAN UPDATED
The time to secure patient data is now
Benefits: Financial, Compliance, Reputation, Patient Care, Research
TECHNOLOGY
Implement multiple layers of security tools to support policies
• Monitoring capabilities
• Firewalls
• Blacklist/whitelist mechanisms
• Virtual private networks (VPNs)
• Secure text messaging
• Data encryption
• Data loss prevention (DLP) solutions
TECHNOLOGY
Ensure your storage technology is secure
• Protected health data should be stored on secure servers or a secure cloud environment
• Access to data should be restricted to authorized users
• Storage vendors must adhere to the same privacy and security rules
TECHNOLOGY
Address smartphone security with enterprise mobility management
• Allow employees to use the mobile devices they prefer
• Use EMM solutions to safeguard against the unauthorized transmission of ePHI
PROCESS
Tracking all devices
• Patient information should be restricted to those who need it to do their job
• Even devices of those with approved access can pose a security threat
PROCESS
Partner encrypted technology with the right processes
• Understand where patient data is stored and how it’s transmitted
• Be aware of lost or stolen mobile devices and overall network security
SENDING AND RECEIVING ePHI
Secure data while it’s in your possession
Secure data while it’s in transit
Ensure appropriate security measures
Document and analyze decisions and rationale
Periodically review and update security measures
PROCESS
Implement policies to support your data-protection strategy
• Acceptable use policies give employees solid direction on maintaining privacy
• Human error or negligence is one of the greatest dangers to the security of PHI
PROCESS
Develop an overall business continuity plan
• Ability to constantly access medical records can be a matter of life and death
• Your plan should detail the people, processes, and technologies necessary to keep IT systems operational
PEOPLE
Train your end users
• Human error/negligence is a major cause of breaches
• Include a strong employee education component
PEOPLE
Addressing human error
• Users should have unique, authenticated identities to access PHI
• Protocols should include auditing functions that monitor proper use and can trace the source of any breaches
SECURE TEXT MESSAGING
Access staff directory and on-call schedules
Security and encryption
Receive patient care alerts and test results
TAKEAWAYS
Protect your patients
1. Define your hospital’s strategy for managing sensitive data
2. Implement policies to support your data-protection strategy
3. Implement multiple layers of security tools to support policies
4. Train your end users
5. Develop an overall business continuity plan
LET’S GET IN TOUCH!
We’d love to hear from you!
spok.com
getinfo@spok.com