Health Care Data Breaches: 5 Tips for Protecting Sensitive Information

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Health Care Data Breaches: 5 Tips for Protecting Sensitive Information-5 Next

Know Your Insider Threats

Do you know which applications, processes, and users are accessing personally identifiable information (PII) in your systems? Can you be certain that PII access is limited to only approved and authorized users? Health care organizations need to be able to answer these questions, because even with tight security controls in place, insiders can often obtain unauthorized access to highly confidential data like PII. Continuous security monitoring can mitigate this security risk by offering constant visibility into the processes, users and network activity related to PII while still allowing your organization to function at its normal velocity. Health care organizations should also employ additional security controls for their employees' mobile devices (including encryption, secure passwords and app usage monitoring) and enforce strict "shadow IT" policies. By monitoring which work-related cloud services or SaaS products employees are using and ensuring work-related passwords aren't used for those accounts, it will be much more difficult for attackers to leverage employee information to gain access to your data. 

After high-profile data breaches at Anthem and Premera and a continual string of breaches at several smaller health care organizations, cybersecurity experts around the globe are dubbing 2015 the year of the health care data breach.

Why are all of these breaches happening? Simply put, the sensitive nature of personal health information makes this data a goldmine for attackers. Not only is the data itself appealing to obtain, but because of health care's extensive partner network — made up of providers, administrators, insurance companies, billing partners and more — health care data is often vulnerable at many points throughout the business process. According to a report from the Shared Assessments Program and Protiviti, third-party risk programs in the health care industry lack maturity and put confidential patient data at risk.

Additionally, with more and more health care organizations taking advantage of the accessibility and scalability of the cloud, the lack of focus on third-party security only creates more risk. Case in point: In September 2015, insurance claim data and other highly sensitive patient information was inadvertently posted on Amazon Web Services after an error was made by claims administration software provider Systema Software. So, what steps can health care organizations take to ensure their partner networks are not putting them at risk? In this slideshow, Brian Ahern, CEO of Threat Stack, provides five tips health care organizations can use to improve their security posture and better protect sensitive patient information.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

biometrics Biometrics: Moving Far Beyond Fingerprints

Biometrics are changing the way we think about security. Here are some of the more innovative ways biometrics are being used and what we can expect in the future. ...  More >>

Privacy rollback Security Pros Give Their Opinions on ISP Data Privacy Rollback

IT staff, organization leaders, and the average citizen have all expressed levels of concern over the FCC about-face in regard to ISP privacy. Here’s what the security experts say. ...  More >>

IT security skills 7 Top Skills for Security Pros

Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.