How hospitals are keeping patient data secure
used with permission from HP Technology at Work
Given the wealth of sensitive personal data healthcare organizations process and store, it’s no surprise that hospitals, medical offices, and other healthcare systems are prime targets for cybercrime. In 2014, an estimated 85 percent of large healthcare organizations faced a data breach, and one in five of those breaches cost the organization more than $1 million to rectify. [1]
Due to the costs a data breach can inflict on the operation, as well as the patients it’s entrusted to care for, healthcare organizations have become more vigilant and determined to battle cybercrime—and their efforts underscore important steps any business can apply to improve data security.
Step #1: Ensure you’re using devices with multiple layers of security
The problem: For the sake of efficiency, some healthcare operations favored the status quo rather than adopting new technologies designed with advanced security features. [2] Many doctors’ offices, for instance, relied on pre-printed prescription pads, which are particularly susceptible to fraud.
How healthcare is responding: Healthcare organizations are leveraging new options to protect themselves from loss or liability and to reduce fraud. Pre-printed and hand-written prescriptions have given way to more secure options like electronic prescriptions and the HP Prescription Printing Security Solution, which produces tamper-resistant prescriptions that print with security features to help meet stringent government regulations.
The lesson for your business: Data and business information are more vulnerable than ever. The percentage of breaches involving a compromised person or their devices has more than doubled in the last six years. [3] Are there places in your organization where outdated technology makes you more susceptible to a breach? If so, how can you close the gap and fortify your business with improved technologies?
Step #2: Assess security across your fleet
The problem: Healthcare operations often focused their security efforts on protecting the most frequently attacked endpoints: the network perimeter, internal computer workstations, and server assets. Though this practice thwarted many attempts to breach data, cyber thieves could still sneak in through “side doors,” such as network-connected printers, point-of-sale (POS) machines, and even HVAC systems.
How healthcare is responding: Healthcare organizations are working to secure and protect all endpoints, not just the most common targets. A solution such as HP Access Control provides healthcare organizations with print authentication, auditing, authorization, accounting, and secure “pull” printing capabilities to bolster security.
The lesson for your business: Take time to analyze your tech environment and understand the full scope of your security needs, particularly with respect to those often-overlooked elements like uncontrolled print environments.
Step #3: Implement security best practices
The problem: As fast-moving enterprises, healthcare organizations were prone to neglect proven best practices in data security that should have been implemented across the organization.
How healthcare is responding: Savvy operations are now applying numerous best practices in digital security, such as installing up-to-date anti-malware software on company-owned devices, connecting printers to the organization’s private network behind a firewall, upgrading devices to the latest firmware, and setting strong administrative passwords to protect devices and prevent configuration changes.
The lesson for your business: Implement a multi-layered and comprehensive security plan driven by proven practices.
Step #4: Provide ongoing monitoring and management of security
The problem: From modest events such as an innocent hospital visitor wandering into a restricted printing area, to more malicious occurrences like a disreputable third-party vendor attempting to capture patient information from a desktop computer, healthcare operations faced numerous threats and liabilities each day.
How healthcare is responding: Hospitals have rolled out policies to reduce the risk of a data breach, even if it means a layer of inconvenience for staff and patients. Policies include locking doors and tethering printers, restricting network or computer access, and locking down unused functions.
The lesson for your business: Don’t slack on security, which is a 24/7 effort in today’s digital age. You can never be too proactive or careful.
Learning from healthcare’s example
By consistently assessing security needs, as well as monitoring the security environment and applying battle-tested strategies, healthcare organizations have put security top of mind, placed themselves in a better position to thwart digital thieves, and presented a game plan for businesses of all stripes to follow. Their efforts also emphasize an important message: with heightened, ongoing vigilance, the risk of a data breach—and the potential pain it can inflict on your business and its customers—can be minimized.
[1] PwC, Top health industry issues of 2016
[2] LinkedIn, Three Reasons why Changing the “Status Quo” in Healthcare Operations is a Slow-Moving Process
[3] Verizon, 2016 Data Breach Investigations Report