The Need for Stronger Healthcare Data Security
Think about the phrase “sensitive customer data.” What comes to mind? Social security numbers, cardholder information, mother’s maiden name, driver’s license numbers: all data that could inconvenience or even ruin a person’s life if exposed, and ruin a company’s bottom line if the exposure was due to its own lack of data security.
Healthcare and insurance organizations in particular are facing a huge number of attacks, as hackers become more cognizant of the vast amount of valuable data housed in these companies’ servers. For Tier-1 organizations, the risks are even greater. The IT infrastructures of high profile companies are often scrutinized for the slightest chink in their armor, any weakness that will expose the data of millions of customers.
Obviously Tier-1 organizations can’t simply erase all of their data and thus remove the proverbial target on their backs. That data is often essential to the everyday management of their businesses. So what’s the solution? You have to enhance your data security even further. Simply meeting compliance mandates is not enough.
Data security for healthcare organizations has to meet the particular needs of the medical industry: secure sharing across a network of care providers, strong encryption of all Personally Identifiable Information (PII) and protected health information (PHI), and ready access to patient data for billing and medical history, to name a few.
Here are some first steps healthcare providers should take to ensure that their businesses do not get added to the quickly growing “data breach” list:
- Evaluate your system for weaknesses. How often do you assess the strength of your security measures? Is it a habitual process, or do you wait until right before an audit to make sure everything is up to par? Hackers aren’t going to stop searching for a weakness in your infrastructure, so you can’t afford to stop looking either.
- Incorporate strong encryption wherever possible. Encryption removes much of the temptation surrounding customer data, since there’s little point in stealing information that has been rendered useless without the key. Encryption is only as good as the handling of its keys, though: if the keys sit on the same server as the data, or every application component can decrypt everything it stores, an attacker who reaches that server gets both. If you’re keeping in-the-clear data where hackers can get at it, you’re practically asking for a data breach.
- Educate and assess your employees. Not every data breach comes from the outside. Often the exposure of sensitive data is due to careless mistakes or deliberate misuse by the organization’s own employees. Be sure to vet your employees carefully, especially those with access to restricted portions of your infrastructure. Habitual reinforcement of data-handling policies, along with an explanation of why those policies matter, will go far in ensuring that employees aren’t the weak link in your data security chain.
- Secure data at every endpoint. Data has a lifecycle: from generation to storage to transfer to eventual deletion, every stage of that lifecycle needs to be protected. Healthcare organizations should implement technologies such as Point-to-Point Encryption (P2PE) for data in transit, tokenization for customer information at rest, and a physically hardened, FIPS 140-2 Level 3 validated hardware security module (HSM) for storing and using sensitive data and keys.
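The second and fourth points above (keep keys away from the data, tokenize stored identifiers, protect the whole lifecycle through deletion) can be seen in a small tokenization vault. The following Go program is an added example written for this page; it is not code from the original article or from any vendor product. It assumes an in-memory vault whose AES-256-GCM key stands in for a key that would really be generated and held inside an HSM, and the SSN it tokenizes is a constructed sample value, not a real identifier.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Vault is a minimal tokenization service. The application database stores
// only the tokens it hands out; the real values live here, encrypted with
// AES-256-GCM under a key the application never sees. In production the key
// would be generated and used inside an HSM; here it is held in process
// memory (an assumption of this example) so that the program runs stand-alone.
type Vault struct {
	aead   cipher.AEAD
	tokens map[string][]byte // token -> nonce || ciphertext || GCM tag
}

func NewVault() (*Vault, error) {
	key := make([]byte, 32) // AES-256 key; stands in for an HSM-resident key
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead, tokens: make(map[string][]byte)}, nil
}

// Tokenize encrypts a sensitive value and returns a random token for it.
// The token is 16 random bytes, so it carries no information about the value,
// and two calls with the same input yield different tokens: a leaked table of
// tokens cannot be matched against a list of known SSNs.
func (v *Vault) Tokenize(value string) (string, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := "tok_" + hex.EncodeToString(raw)
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// The token is passed as associated data, which binds each ciphertext to
	// its own row: moving a ciphertext under another token fails to decrypt.
	sealed := v.aead.Seal(nonce, nonce, []byte(value), []byte(token))
	v.tokens[token] = sealed
	return token, nil
}

// Detokenize recovers the value for a token. Any modification of the stored
// bytes, including the GCM tag, is detected and returns an error.
func (v *Vault) Detokenize(token string) (string, error) {
	sealed, ok := v.tokens[token]
	if !ok {
		return "", errors.New("unknown token")
	}
	ns := v.aead.NonceSize()
	plain, err := v.aead.Open(nil, sealed[:ns], sealed[ns:], []byte(token))
	if err != nil {
		return "", err
	}
	return string(plain), nil
}

// Delete completes the lifecycle: once the vault entry is gone, the token
// still sitting in application tables or old backups resolves to nothing.
func (v *Vault) Delete(token string) {
	delete(v.tokens, token)
}

// PatientRecord is what the application database holds: the SSN column is
// replaced by its token, so a dump of this table exposes no SSNs.
type PatientRecord struct {
	Name     string
	SSNToken string
}

func main() {
	vault, err := NewVault()
	if err != nil {
		panic(err)
	}
	tok, err := vault.Tokenize("123-45-6789") // constructed sample value
	if err != nil {
		panic(err)
	}
	rec := PatientRecord{Name: "J. Doe", SSNToken: tok}
	fmt.Printf("stored record: %+v\n", rec)
	ssn, _ := vault.Detokenize(rec.SSNToken)
	fmt.Println("detokenized for billing:", ssn)
	vault.Delete(rec.SSNToken)
	_, err = vault.Detokenize(rec.SSNToken)
	fmt.Println("after deletion:", err)
}
```

The design point is separation: the application tier only ever sees tokens, the vault only ever sees ciphertext plus a key it does not export, and deleting the vault entry (or, at larger scale, destroying the key) is what actually ends the data's life, regardless of how many copies of the token survive in backups.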