Forgotten data could be a liability for hospital security

Keeping a comprehensive inventory of a hospital's files can help prevent sensitive data from getting lost in the shuffle.

Keeping a comprehensive inventory of a hospital’s files can help prevent sensitive data from getting lost in the shuffle.

Everyday it seems like some new cybersecurity threat is rearing its head. As much as organizations bolster their networks’ defenses, they will eventually fall victim to a breach if they do not remain proactive about security. Staying apprised of new cyberthreats and taking the proper precautions is the only way to establish a secure network. With their great caches of valuable patient information, medical facilities have long been a prime target for data thieves. The first step to securing that data is to know what dangers lurk around the corner. Thankfully, cybersecurity experts are consistently doing their best to spread the word on the latest network vulnerabilities. A recent report released by the risk assessment firm Kroll Advisory Solutions identified the theft of old and long forgotten data files as a risk hospitals should defend against.

Vampire data lurking in the system
Kroll’s 2013 Cyber Security Forecast highlighted files known as “vampire data” as a potentially vulnerability for hospital networks. The term refers to data that medical practitioners are unaware even exists until hackers gain access to it. If a hospital’s computer system isn’t being closely monitored by the administration, its exact contents can become lost within the labyrinthine registry. Sensitive data files that had been marked for deletion but either weren’t or were copied elsewhere on the system can survive undetected for years.

Cybercriminals can make off with data contained in outdated system restore and recovery mechanisms or in emails have remained in system archives. Hospitals should also look out for documents that have been erroneously transferred to a cloud-based storage network.

Taking the proper precautions
The main defense against the misuse of these files is for hospital administrators to an keep up-to-date and thorough inventory of computer network contents. This process includes cataloging data in terms of sensitivity and likelihood of being targeted by cyberthieves. Once personnel know every inch of their computer system they can take steps to restrict access to high-risk information. Installing application control programs can ensure that sensitive data is only accessible to those who absolutely need to use it. Many medical facilities struggle with protecting their patient information. According to a survey conducted by the Ponemon Institute, 94 percent of hospitals reported experiencing a security breach within the last two years. The threats will keep appearing, but a good first step is knowing exactly what data healthcare facilities possess.

Are hospitals doing enough to protect the sensitive information they collect? How concerned are you that data is being lost or forgotten about? Tell us what you think in the comments section below!

Kate Beckham

Kate has been lighting up the blogosphere for over 5 years, with a keen interest in social media and new malware threats. When not sitting at a café behind her Mac, you’ll usually find her scouring the racks for vintage finds or playing guitar.