Healthcare data breach prevention measures are essential in today’s industry, especially as technology continues to evolve and more facilities begin to connect to other networks. Secure data sharing is more prevalent, and organizations need to ensure that as they store, transfer, and use information, they remain compliant with all federal, state, and local laws along the way.
Recent reports show that even though healthcare might be concerned with its data security and data breach prevention measures, it might not always have the necessary tools available. Moreover, research shows that cybersecurity threats are continuously evolving, but there are still some older types of cyber attacks that entities across numerous sectors fall for. A comprehensive data security plan is essential for data breach prevention, especially as data storing, syncing, and sharing grows in popularity.
A recent Biscom survey found that the healthcare industry is greatly concerned with its data security measures, but it is the least likely to use secure data sharing methods.
Organizations across 13 industries stated that security is a major deterrent when it comes to file synchronization and sharing, but “the healthcare industry is one of the most polarizing when it comes to security,” according to Biscom.
The research also found that 100 percent of surveyed healthcare facilities said that ranked security as either the top issue or second most important feature when it comes to secure file transfer (SFT) services. However, healthcare respondents also reported that they may not be using the best tools. For example, respondents that ranked security and encryption as the most important feature, 81 still use email to share files and 45 percent still use FTP.
Other key findings from the report showed how healthcare respondents viewed the features of secure synchronization options:
- 80 percent of respondents said security was “critical”
- 86 percent said ease of use was either “critical” or “very important”
- 60 percent reported that speed was either “critical” or “very important”
- 43 percent said storage and large file support were either “critical” or “very important”
A particularly disturbing find in the survey though was that 93 percent of healthcare respondents would opt for a “simple and easy to use solution” instead of a “complex, but full featured solution.”
Verizon’s “2015 Data Breach Investigations Report” also surveyed numerous industries, including healthcare, and found that 70 percent of today’s cyberattacks use a combination of sophisticated attacks and older methods, such as phishing and hacking.
The report also found that many existing vulnerabilities remain open, due in large part to security patches never being implemented – even though solutions have been available for some time.
“No industry is immune to security failures,” the report’s authors wrote. “Don’t let a ‘that won’t happen to me because I’m too X’ attitude catch you napping.”
Verizon also outlined nine threat patterns that make up 96 percent of security incidents:
- miscellaneous errors, such as sending an email to the wrong person;
- crimeware (various malware aimed at gaining control of systems);
- insider/privilege misuse;
- physical theft/loss;
- Web app attacks;
- denial-of-service attacks;
- point-of-sale intrusions;
- payment card skimmers.
Healthcare was also one of the leading industries when it came to data breaches being caused by physical theft or loss, according to the Verizon report.
“Full-disk encryption, locking down USB ports, password protection, and the ability to remote wipe continue to be the recommended countermeasures, as it’s much better to be ahead of these incidents than be behind the eight-ball,” the report read. “Protecting the data and documenting the steps you have taken to do so is likely the best you can do to avoid a painful post-incident series of events.”
Data breach prevention measures cannot just be relegated to one area. Hacking and cyberattacks made headlines for the first part of 2015, but email phishing attacks still take place, and facilities cannot ignore the importance of employee training. Therefore, healthcare facilities must use a well-rounded approach to their data security measures.