Health data breaches = Lost $$$, lost patient data, government scrutiny, lost patient and public trust, HIPAA fines, pain, stress, and lots of should haves, could haves, and would haves.
Save yourself the pain and implement at least the three following security measures in your organization.
Firewalls
Firewalls control incoming and outgoing traffic based on an applied rule set. They commonly prevent users from navigating to untrusted sites and sites that may not be secure or may pose a threat to the network. They can intercept traffic at the network/packet layer, the application layer, or via proxy.
Virtual Private Networks
Virtual Private Networks, or VPNs, extend the benefits of a private network across a public one (like the Internet). Using a VPN ensures that your internet connection is secure and all sent and received data is encrypted. This is done through “tunnelling” to encapsulate packets sent between the two networks.
VPNs are commonly used by employees to access corporate data and intranets regardless of geographical location, those who like to browse the internet without the thought of prying eyes, those who may need an IP address from another country to get around location-restricted content, or those who just like their privacy and security.
Encryption
Encryption encodes messages so that only those authorized to access the information may do so. Encryption encodes plaintext into ciphertext using a pseudo-random encryption key. Encryption keys and decryption keys specify how the transformation between plaintext and ciphertext occurs.
In symmetric encryption, both computers have the same encryption and decryption keys. Meanwhile, with public key encryption, only the receiving party may decrypt data using a decryption key. So, in this popular type of encryption, public keys encrypt data and private keys decrypt data.
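The two models described above, run with the OpenSSL command-line tool. This is an added example, not part of the original article; it assumes OpenSSL 1.1.1 or later, and the file names and sample record are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. File names and the sample record are constructed for this demo.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
printf 'patient=constructed-sample; note=demo record\n' > "$WORK/record.txt"

# Symmetric: the same shared secret encrypts and decrypts.
# (openssl enc with CBC gives confidentiality only, no tamper detection.)
sym_roundtrip() {
    openssl rand -hex 32 > "$WORK/shared.key"
    openssl enc -aes-256-cbc -pbkdf2 -pass "file:$WORK/shared.key" \
        -in "$WORK/record.txt" -out "$WORK/record.sym"
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$WORK/shared.key" \
        -in "$WORK/record.sym"
}

# Public key: the receiver creates a key pair and hands out only the public half.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/receiver.key" 2>/dev/null
    openssl pkey -in "$WORK/receiver.key" -pubout -out "$WORK/receiver.pub"
}

# Sender: encrypt with the receiver's public key. RSA only fits small inputs;
# larger data is normally encrypted symmetrically and that key is wrapped with RSA.
pk_encrypt() {
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/receiver.pub" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$WORK/record.txt" -out "$WORK/record.rsa"
}

# Receiver: only the private key recovers the plaintext.
pk_decrypt_private() {
    openssl pkeyutl -decrypt -inkey "$WORK/receiver.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$WORK/record.rsa"
}

# Anyone holding just the public key: decryption is refused (non-zero exit).
pk_decrypt_public() {
    openssl pkeyutl -decrypt -pubin -inkey "$WORK/receiver.pub" \
        -pkeyopt rsa_padding_mode:oaep -in "$WORK/record.rsa" 2>/dev/null
}

make_keypair && pk_encrypt
echo "symmetric round trip:  $(sym_roundtrip)"
echo "private-key decrypt:   $(pk_decrypt_private)"
pk_decrypt_public || echo "public-key decrypt:    refused"
```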
Security Best Practices
Of course there is more you should do, but at a minimum, your network should maintain the following best practices when it comes to security.
- Encrypt your data
- Do not allow removable media on your network
- Use SSL on your website and scan daily for threats
- Use spam filters
- Install and use a comprehensive security solution (antivirus, firewall, intrusion detection, etc.)
- Encrypt your data
- Keep up-to-date on security patches
- Train your personnel on security and commonly used tactics like social engineering
- Implement Data Loss Prevention and systems audits to watch inflow/outflow on your network
- Did we say encrypt your data yet?
Proactive Security Measures
In addition to implementing these three security measures plus the best practices, your organization can become more proactive in its approach to security of its clinical information systems by understanding areas at risk for a potential breach.
Becoming proactive about security can be done in multiple ways.
Various companies offer software that scans your system for vulnerabilities. Completing security scans on a regular basis may help protect your system from attack and can indicate where security needs to be bolstered.
Another great way to be proactive when it comes to security is to hire a Certified Ethical Hacker (CEH) to try to penetrate your network. Would you rather find out about holes in your network from a “good guy” like a CEH or from a “bad guy” who will steal your patient and employee data? Avoid the panic and have someone who is on your side show you just how easily someone can get to your most valuable data. It may be scary and you may not want to deal with it now, but please, please, please, just do it.
If you feel anxious about someone penetrating your organization’s data, even though you feel you have done everything in your power to prevent that from happening, then purchasing data breach insurance may give you peace of mind about the high costs that come with a data breach.
These are just some ideas on how you can prevent your data from getting into the hands of someone with malicious intent. There are plenty of other ways to secure your network, but having at least these three concepts in place is a good starting point.