FEATURE Shields Up
As more care workers go mobile, patient data security has never been more crucial. Nick Banks, VP EMEA and APAC, IronKey by Imation, tells us how to keep digital information under lock and key.
Healthcare providers are under enormous pressure to improve quality of care and operational efficiencies, often through the use of mobile workforces and contractors. Somehow, they must achieve all this while meeting stringent requirements for ensuring that patient data remains private.
Cyber-attacks have more than doubled over the past five years and are now the most common cause of healthcare data breaches, with the average cost of a data breach for health organisations estimated at nearly £1.5 million ($2.1 million) according to the Ponemon Institute's fifth annual survey on healthcare data security.
reasons. Firstly because private health organisations house lucrative personal financial data, and secondly, many healthcare organisations do not have the necessary security layers in place to prevent attacks, thus making them an easy target.
Examples of cybercriminal attacks on healthcare organisations are becoming far too common an occurrence. In the UK, Big Brother Watch, the civil liberties and privacy group, claimed that using Freedom of Information requests it found that confidential patient records are being lost and inappropriately shared by the NHS at an average of six times per day.
Cyber-attacks have more than doubled over the past five years and are now the most common cause of healthcare data breaches.
The repercussions of a data breach can be hugely detrimental both in terms of reputation and financially since government fines can run into millions. In addition, there is the expense of notifying victims and credit monitor services for affected patients, victim compensation for financial losses and the cost of additional security consultation to make necessary remediation and upgrades.
Despite this, and the statistical evidence of increasing cyber threats, healthcare organisations are still not addressing their security practices. As sensitive patient data can be easily transmitted and exposed, no organisation is safe from a data breach and healthcare organisations are all vulnerable to attack.
Cybercriminals typically target the healthcare industry for two key
twitter.com/TomorrowsCare
Despite this, many healthcare organisations are still woefully unprepared to protect themselves from cyber threats and do not have the resources or processes in place to protect patient data. Add to this the expanding mobile workforce and the challenge of maintaining data security
is becoming an overwhelming burden for the healthcare industry.
Organisations are quickly discovering mobile working has many benefits but also new risks. Not all notebooks and laptop devices are properly encrypted, and not all employees can be relied on to follow security best practices. Staff working from home or in the field could use malware- infected computers that expose networks, applications and databases to hacking and data theft via logic bombs, bad USB or other threats.
Data security solutions focused on strong encryption and identity and policy-based data management is certainly the way forward as mobility in the healthcare industry increases. Data security requires security encrypted devices that protect digital identities and applications wherever they reside.
University Hospital Network, a provider of acute hospital care, for example, needed to ensure that private health information records removed from the organisation were always protected and had the appropriate levels of encryption as part of its security policy.
Following a series of major public sector data losses, the university hospital system had to comply with government ICO legislation and the UK Data Protection Act. Administrators needed to ensure that any device removed from the institution’s facilities was secure, and that remote staff would have secure and trusted access to private data.
The hospital wanted the strongest encryption possible, housed drives that were both rugged and reliable, that could be tracked from the cloud and remotely destroyed if they were lost. The hospital eventually chose IronKey flash drives for their FIPS 140-2 Level 3 protection and ability to monitor and manage storage devices.
The simple security mantra is “encrypt”. In addition, carry out privacy and security assessments regularly so that it is budgeted and expected. Be proactive about patient data security, look to see if you have any security gaps and firmly close them. Identify issues before cybercriminals identify them in your organisation.
Health organisations that have not taken charge of their data security and compliance to avoid potential data breaches and hefty fines, not to mention reputational damage, should do so as a matter of urgency or risk becoming another data breach statistic.
Download IronKey by Imation’s whitepaper ‘Mobile Security for Healthcare’ here.
www.imation.com/en/ironkey - 15 -
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50