From personal data and health records to bank account information, healthcare services collect a vast amount of highly sensitive information about their customers. As a consequence, they have become an attractive target for cybercriminals but are also plagued by employees that fail to handle sensitive data with care.
To ensure compliance and avoid fines and other costs associated with data breaches such as lost business and reputational damage, healthcare services need to build a comprehensive data security strategy that protects sensitive information from external and internal threats. Let’s take a closer look at how they can achieve this.
1. Deal with internal threats
The healthcare sector struggles with a particularly high level of negligence among its employees. Twenty-seven percent of its breaches are due to human error, one of the highest percentages across all industries. A further 27 percent of malicious incidents also have employees as the root cause, whether because they fall victim to phishing and social engineering attacks or because they attempt to steal data themselves.
This is problematic because, by law, most health data is not allowed to leave an organization’s premises without being encrypted or transmitted through secure, authorized channels. Healthcare services can turn to Data Loss Prevention (DLP) solutions to control the flow of sensitive health data in and out of their networks.
Designed to protect sensitive data directly, DLP tools use predefined profiles and customized definitions to track and control sensitive data. With powerful content inspection and contextual scanning tools, DLP solutions can identify health data in files and the body of emails before they are sent, blocking their transfer through unauthorized channels.
2. Restrict access to data
Another way health data can become vulnerable and exposed to theft is when it is stored locally on work computers. Employees often access, save and download sensitive data as they perform their tasks and can forget to delete these files when they are no longer needed. This poses a significant risk to data security and underlines the need to limit data access to a need-to-know basis.
DLP solutions can scan for sensitive data stored locally on the entire company network, and when it is found in unauthorized locations, admins can take remediation actions such as deletion or encryption. Healthcare services can thus ensure that no employee continues to have access to sensitive data they no longer need to perform their duties.
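The two DLP functions described above, content inspection of an outgoing message and a discovery scan of files already stored on disk, share the same detector. The following is an added illustration, not CoSoSys code or a real product's detection profile: the patterns (a US SSN, an ICD-10-shaped diagnosis code gated on health-context keywords, and a Luhn-checked card number) and the sample email and files are constructed for the example, and "delete" stands in for the remediation actions the text mentions.

```python
from __future__ import annotations
import os
import re
import tempfile
from dataclasses import dataclass

# Constructed detection profile: illustrative patterns only, not a vendor's definitions.
PATTERNS = {
    # US Social Security number, 3-2-4 digits, with the invalid area/group/serial ranges excluded
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    # ICD-10-shaped diagnosis code: a letter, two digits, optional .subcode (e.g. E11.9)
    "icd10": re.compile(r"\b[A-Z]\d{2}(?:\.\d{1,4})?\b"),
    # Candidate payment-card number: 13-19 digits with optional space/dash separators
    "card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
}
# Words that signal a health context; a bare code like "B12" is too ambiguous on its own
HEALTH_KEYWORDS = re.compile(r"\b(diagnos(?:is|ed)|patient|prescription|medical record|MRN)\b", re.I)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on card-number matches."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Finding:
    kind: str
    value: str


def inspect(text: str) -> list[Finding]:
    """Content inspection: return every sensitive item found in a text body."""
    findings = [Finding("ssn", m.group()) for m in PATTERNS["ssn"].finditer(text)]
    for m in PATTERNS["card"].finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            findings.append(Finding("card", m.group()))
    # Contextual scanning: count diagnosis codes only when health keywords are also present
    if HEALTH_KEYWORDS.search(text):
        findings += [Finding("icd10", m.group()) for m in PATTERNS["icd10"].finditer(text)]
    return findings


def transfer_decision(text: str) -> str:
    """Gate an outbound email body or file: block the transfer if anything sensitive is found."""
    return "block" if inspect(text) else "allow"


def scan_tree(root: str) -> dict[str, list[Finding]]:
    """Discovery scan: walk a directory and report files holding sensitive data."""
    report: dict[str, list[Finding]] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    found = inspect(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the whole scan
            if found:
                report[os.path.relpath(path, root)] = found
    return report


def remediate_delete(root: str, report: dict[str, list[Finding]]) -> list[str]:
    """Remediation: remove every reported file and return the paths removed."""
    removed = []
    for rel in sorted(report):
        os.remove(os.path.join(root, rel))
        removed.append(rel)
    return removed


def demo() -> tuple[str, list[str], list[str]]:
    """Run both checks on constructed data; returns (email decision, flagged files, removed files)."""
    email_body = ("Hi, patient John Doe (SSN 123-45-6789) was diagnosed with E11.9; "
                  "please forward to the clinic.")
    root = tempfile.mkdtemp(prefix="dlp-demo-")
    with open(os.path.join(root, "notes.txt"), "w", encoding="utf-8") as fh:
        fh.write("Patient list\nJane Roe 456-78-9012 prescription renewed\n")  # constructed
    with open(os.path.join(root, "readme.txt"), "w", encoding="utf-8") as fh:
        fh.write("Team lunch on Friday at noon\n")  # constructed, nothing sensitive
    report = scan_tree(root)
    removed = remediate_delete(root, report)
    return transfer_decision(email_body), sorted(report), removed


if __name__ == "__main__":
    print(demo())
```

The keyword gate is the design point: short identifiers such as ICD-10 codes match ordinary text too often to act on alone, so the scanner treats them as sensitive only alongside health-context words, which is the "contextual scanning" the text refers to.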
3. Control removable devices
Although the internet is gaining traction as the data transfer method of choice, many employees still use removable devices such as USB drives or external hard drives to copy large amounts of information or big files. But these small devices are easily lost or stolen. Worse still, in recent years USB drives in particular have also become popular tools for malware attacks.
Healthcare services wishing to address these risks can use DLP solutions to monitor and control the use of peripheral and USB ports as well as Bluetooth connections. They can choose to block their use entirely or limit it to approved devices. In this way, healthcare services can track which employee is using which device at what time, making it easy to spot suspicious activity on the network and potential data theft.
Healthcare organizations can also take an extra step and use an enforced encryption solution to safeguard data security. In this way, they can ensure that any data copied onto a USB drive is automatically encrypted, and access to it is restricted to those with a decryption key.
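The device-control policy described in this section (block unknown devices, allow only approved ones, require encryption before use, and keep a record of which employee used which device and when) can be modelled as a small policy-plus-audit routine. This is an added example, not code from CoSoSys or any product: the approved-serial allowlist, the `encrypted` flag on each event and the sample plug-in events are constructed, and the two "suspicious activity" rules (many distinct devices per user, use during quiet hours) are illustrative choices.

```python
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class DeviceEvent:
    """One USB plug-in event as an endpoint agent might report it (constructed shape)."""
    user: str
    vendor_id: str    # USB vendor id as hex text
    product_id: str   # USB product id as hex text
    serial: str       # device serial, the attribute the allowlist keys on
    encrypted: bool   # constructed flag: the volume is an enforced-encryption volume
    when: datetime


# Constructed allowlist: serials of drives the organisation issued
APPROVED_SERIALS = {"ORG-USB-0001", "ORG-USB-0002"}


def decide(event: DeviceEvent) -> str:
    """Policy: unknown devices are blocked entirely; approved devices may be written
    to only once their volume is encrypted; otherwise the device is allowed."""
    if event.serial not in APPROVED_SERIALS:
        return "block"
    if not event.encrypted:
        return "encrypt"   # approved drive, but enforce encryption before any copy
    return "allow"


def audit_trail(events: list[DeviceEvent]) -> dict[str, list[tuple[str, str, str]]]:
    """Per-user record of which device was used when, with the decision taken."""
    trail: dict[str, list[tuple[str, str, str]]] = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.when):
        trail[ev.user].append((ev.when.isoformat(timespec="minutes"), ev.serial, decide(ev)))
    return dict(trail)


def flag_suspicious(events: list[DeviceEvent], max_devices: int = 2,
                    quiet_start: int = 20, quiet_end: int = 6) -> dict[str, list[str]]:
    """Two illustrative detections over the trail: a user plugging in more distinct
    devices than expected, and device use during quiet hours."""
    reasons: dict[str, list[str]] = defaultdict(list)
    devices_per_user: dict[str, set[str]] = defaultdict(set)
    for ev in events:
        devices_per_user[ev.user].add(ev.serial)
        hour = ev.when.hour
        if hour >= quiet_start or hour < quiet_end:
            reasons[ev.user].append(f"off-hours use of {ev.serial} at {ev.when:%H:%M}")
    for user, serials in devices_per_user.items():
        if len(serials) > max_devices:
            reasons[user].append(f"{len(serials)} distinct devices (limit {max_devices})")
    return dict(reasons)


# Constructed sample events: vendor/product ids and serials are placeholders
EVENTS = [
    DeviceEvent("alice", "1234", "0001", "ORG-USB-0001", True, datetime(2024, 3, 4, 9, 15)),
    DeviceEvent("bob", "5678", "0002", "UNKNOWN-7F3A", False, datetime(2024, 3, 4, 11, 2)),
    DeviceEvent("carol", "1234", "0001", "ORG-USB-0002", False, datetime(2024, 3, 4, 14, 40)),
    DeviceEvent("dave", "9abc", "0003", "UNKNOWN-0001", False, datetime(2024, 3, 4, 22, 5)),
    DeviceEvent("dave", "9abc", "0003", "UNKNOWN-0002", False, datetime(2024, 3, 4, 22, 9)),
    DeviceEvent("dave", "1234", "0001", "UNKNOWN-0003", False, datetime(2024, 3, 4, 22, 30)),
]


if __name__ == "__main__":
    for user, rows in audit_trail(EVENTS).items():
        print(user, rows)
    print(flag_suspicious(EVENTS))
```

Keying the allowlist on the device serial rather than on vendor and product ids matters: many drives of the same model share those ids, so a model-level allowlist would let any drive of that model through, while a serial-level one admits only the drives the organisation actually issued.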
By Filip Cotfas, Channel Manager, CoSoSys
(DISCLAIMER: The views expressed are solely of the author and ETHealthworld does not necessarily subscribe to it. ETHealthworld.com shall not be responsible for any damage caused to any person / organisation directly or indirectly)