The number of American healthcare data breaches almost doubled in 2016, averaging more than one data breach per day in 2016 for a total of 450, up from the 253 breaches that took place in 2015. (1) The 2016 Data Breach Incident Report describes healthcare as one of the most affected industries by cybersecurity threats, both insider and privilege misuse. (2) Half of the breaches were caused by insider threats and the remaining were from external forces which included hacking.
It is clear that the healthcare industry, like any other, is facing increasing security challenges. What makes their challenges unique, and therefore more difficult to solve, is that implementing industry-standard cybersecurity practices isn’t practical. It can inhibit clinicians’ work, also leading to life-and-death consequences. For example, systems that prevent log-ins if clinicians are logged-in elsewhere can interrupt or delay surgeries or hinder emergency treatments. (3)
Healthcare Cybersecurity: Protecting the Cloud & Mobile Devices
Mobile and cloud technologies, as well as healthcare exchanges, are all changing the way healthcare organizations manage risk internally, extend security to their partners and ensure security in concert with their application providers. Demand for consumer-facing applications, especially mobile applications (and emphasis on patient engagement, which drives portal access), spawns a whole new set of concerns and risks. Such applications rely on consumers to manage their own sensitive data. (4)
How do we keep this data secure?
Medical data such as patient records are typically accessed from one common point that may or may not be managed under company policy. Security can be increased on devices and applications, however user access still remains a vulnerable in how sensitive information is accessed and shared. It is imperative that organizations invest in ongoing education and awareness to “secure the human” mobile workforce. Modern Mobile Device Management and other device management programs are beginning to help reinforce these efforts with such capabilities as alerting a user when a possible policy violation is detected. (5)
Employee monitoring applications are becoming standard in many companies, particularly those handling sensitive software such as in the healthcare sector. This software monitors what users are doing while logged in remotely and helps to provide clear evidence and root causes during investigations of security breaches.This software is often necessary for compliance and auditing purposes as in the case of HIPAA medical regulations regarding handling of patient records.
Using a combination of technological innovations, common sense practices and education are necessary tactics to prevent as well as to help to resolve security breaches. It is the duty of every organization, especially those which handle sensitive data like those in the healthcare field, to ensure they take every practical measure possible to reduce the likelihood of future threats.
Would you like to learn more?
Visit our website to discover the most robust Remote Desktop Session Recording software available.