Health Care Data Breaches: 5 Tips for Protecting Sensitive Information

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Health Care Data Breaches: 5 Tips for Protecting Sensitive Information-3 Next

Review Third-Party SLAs

Ensure third-party service-level agreements (SLAs) are in place, up to date and optimized to effectively outline the roles and responsibilities of all parties.

Once you've established who is coming into contact with your health care data, it's crucial to determine what level of service those third parties will provide, particularly so that no security responsibilities are neglected. For example, if your cloud hosting provider assumes your organization will implement and update your firewalls, but your organization assumes the cloud hosting provider will be handling firewall maintenance, that crucial security measure will be neglected and your data will be vulnerable. Clearly defining third-party responsibilities and policies for topics such as equipment use, network use, virtualization technologies and incident response can help ensure security and prevent potential liabilities in the event of a breach.

After high-profile data breaches at Anthem and Premera and a continual string of breaches at several smaller health care organizations, cybersecurity experts around the globe are dubbing 2015 the year of the health care data breach.

Why are all of these breaches happening? Simply put, the sensitive nature of personal health information makes this data a goldmine for attackers. Not only is the data itself appealing to obtain, but because of health care's extensive partner network — made up of providers, administrators, insurance companies, billing partners and more — health care data is often vulnerable at many points throughout the business process. According to a report from the Shared Assessments Program and Protiviti, third-party risk programs in the health care industry lack maturity and put confidential patient data at risk.

Additionally, with more and more health care organizations taking advantage of the accessibility and scalability of the cloud, the lack of focus on third-party security only creates more risk. Case in point: In September 2015, insurance claim data and other highly sensitive patient information was inadvertently posted on Amazon Web Services after an error was made by claims administration software provider Systema Software. So, what steps can health care organizations take to ensure their partner networks are not putting them at risk? In this slideshow, Brian Ahern, CEO of Threat Stack, provides five tips health care organizations can use to improve their security posture and better protect sensitive patient information.


Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

More Slideshows

Social14-190x128.jpg 10 Ways to Improve Your Social Media Security Policy and Posture

When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ...  More >>

Security120-290x195 5 DDoS Myths Debunked

Unearth the real story behind five commonly held myths about distributed denial-of-service attacks. ...  More >>

Security119-190x128 8 Tips for Ensuring Employee Security Compliance

IT security ultimately depends on making sure employees use the appropriate tools and comply with policies designed to protect them and their data/applications. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.