Although hackers and other cyber criminals are responsible for a large number of harmful security breaches, the healthcare industry faces other threats as well. According to a recent report by the U.S. Department of Health and Human Services, 40 percent of all large data breaches occurred due to lost or stolen devices. Statistics like these highlight the importance for healthcare organizations to leverage a layered security approach to protect against both outside threats like malware and compliance risks that come from misplaced devices.Both the HHS report and an eWeek article mentioned the importance of encryption in securing healthcare information. According to eWeek, both data that will be transmitted and stored data should be encrypted to prevent compliance violations. Additionally, healthcare organizations should limit the amount of patient and health data that workers are allowed to store on laptops.
Employee education is another factor healthcare organizations should consider. As cyber criminals devise new threats and targeted attacks against organizations, it’s important for workers throughout the organization to be aware of potential threats such as new phishing scams. According to eWeek, a lack of policies on social networking usage and data storage can present compliance risks.
Advances in electronic health record (EHR) technology have allowed for a significant amount of collaboration among healthcare professionals. With sensitive data stored on laptops, smartphones and other devices, EHRs have also made it important to protect both the devices and the data stored on them.
“Data sharing is essential as doctors look to collaborate on patient care as part of accountable care organizations under the Patient Protection and Affordable Care Act (ACA), also known as Obamacare,” the news source said. “But as important as data sharing is, health care organizations are also under a mandate to prevent costly data breaches that plague the health care industry.”
Are you comfortable with electronic health records? Do you feel that hospitals take enough precautions to secure their patients’ data?