Four ways to exemplify IT security and privacy best practices in the healthcare industry
When it comes to healthcare information, security and privacy should be top of mind. That’s because healthcare data harbours all kinds of sensitive information.
The danger is that this rich hub of valuable data can also be transformed, by a cyber-criminal, into an endless source of malicious possibilities.
Targeted institutions and patients must deal with the long-term effects of a breach of sensitive and very personal data. Unlike bank accounts, healthcare-related data such as birth dates can rarely be ‘cancelled’, and can be used fraudulently virtually forever. And that’s not all – cyber criminals can broadcast doctors’ reports, interfere with patient records, perform malicious hacking and, through insider threats, steal and misuse personal health information.
Recent IDC reports indicate the same concern, recommending Canada’s government and healthcare organizations invest in multi-pronged security and privacy strategies to fight against sophisticated attacks before it’s too late. Leaders, of any enterprise for that matter, will need to ensure their security fits with their business and IT strategies, and is appropriately funded.
To combat the harmful risks of a breach, healthcare organizations require a diverse range of capabilities for managing IT vulnerabilities and detecting security threats. During the strategic planning process, consider these four principles to keep your organization’s health in check:
- Secure access of personal records and data
Cultivate a risk-aware culture and ensure systems requiring authorization align with the roles of existing members. While outsiders and unauthorized insiders, such as non-medical staff, certainly increase the level of risk, dangers also extend to staff whose granted authorization exceeds their functional needs. For instance, a clinician may choose to access documents outside his or her area of specialization.
- Implement rigorous networks
Access to public and private networks has become a tougher challenge to manage, especially with Bring-Your-Own-Device (BYOD) policies on the rise. BYOD gives users the power to go beyond their traditional platforms and use their device of choice. For institutions such as hospitals, where a changing flow of visitors and specialists is constant, how people use the network in a volatile user environment is crucial to consider during IT security planning. Good auditing practices are essential.
- Monitor non-IT medical devices
Institutions have to clearly identify and control what their devices are responsible for, especially with all of today’s mixed data. In fact, IBM research indicates that the average person is likely to generate more than one million gigabytes of health-related data in their lifetime – that’s equivalent to 300 million books. It’s crucial to verify all devices are coordinated and intact regardless of the tides of information crashing in. One example of this could be ensuring that a record containing a patient ID is not inadvertently sent to a server that allows access from mobile devices that could potentially leak confidential data.
- Respond quickly to symptoms
Just as time is essential for restoring patients’ health, the same applies to the health of your organization. The longer it takes to counter an attack, the more costly the outcome will be. More time for the attack to progress will allow infiltrators to escalate the issue. Immediate and impromptu responses to what appear to be spontaneous attacks also tend to require a hefty sum of money.
The key to prevention is having a quick and effective incident-response plan in place. It is imperative to instill cyber security among institutions, especially those that have a profound impact on the lives of their clients.
IBM will be at eHealth 2016. Continue the conversation with IBM’s Paul Lewis about securing your healthcare enterprise. Visit us at Booth 716.
This article was originally published in Canadian Healthcare Technology (September 2015)
The post Strengthening Your Organization’s Immune System appeared first on Healthcare and Life Sciences Industry.