dcsimg

Health Care Data Breaches: 5 Tips for Protecting Sensitive Information

  • Health Care Data Breaches: 5 Tips for Protecting Sensitive Information-

    Inventory Third-Party Relationships

    Perform a comprehensive inventory of all your existing third-party relationships.

    No matter the size of your health care organization, third parties pose one of the greatest security threats to your data. In fact, according to the Ponemon Institute, 65 percent of organizations that reported sharing data with a partner also reported a subsequent breach through that partner. The simplest way to protect your health care data from third parties is by knowing who's handling your data. Start by making a list of all the third parties that come into contact with your data (because if it's not immediately clear who's handling your data, how on earth can you protect it?). Your list should also include any external software engineers or IT consultants, and/or your data backup company. It should also include your data center, cloud hosting provider and/or phone provider. Make sure this list is continually kept up to date and made accessible to all authorized personnel in your organization.

1 | 2 | 3 | 4 | 5 | 6 | 7

Health Care Data Breaches: 5 Tips for Protecting Sensitive Information

  • 1 | 2 | 3 | 4 | 5 | 6 | 7
  • Health Care Data Breaches: 5 Tips for Protecting Sensitive Information-2

    Inventory Third-Party Relationships

    Perform a comprehensive inventory of all your existing third-party relationships.

    No matter the size of your health care organization, third parties pose one of the greatest security threats to your data. In fact, according to the Ponemon Institute, 65 percent of organizations that reported sharing data with a partner also reported a subsequent breach through that partner. The simplest way to protect your health care data from third parties is by knowing who's handling your data. Start by making a list of all the third parties that come into contact with your data (because if it's not immediately clear who's handling your data, how on earth can you protect it?). Your list should also include any external software engineers or IT consultants, and/or your data backup company. It should also include your data center, cloud hosting provider and/or phone provider. Make sure this list is continually kept up to date and made accessible to all authorized personnel in your organization.

After high-profile data breaches at Anthem and Premera and a continual string of breaches at several smaller health care organizations, cybersecurity experts around the globe are dubbing 2015 the year of the health care data breach.

Why are all of these breaches happening? Simply put, the sensitive nature of personal health information makes this data a goldmine for attackers. Not only is the data itself appealing to obtain, but because of health care's extensive partner network — made up of providers, administrators, insurance companies, billing partners and more — health care data is often vulnerable at many points throughout the business process. According to a report from the Shared Assessments Program and Protiviti, third-party risk programs in the health care industry lack maturity and put confidential patient data at risk.

Additionally, with more and more health care organizations taking advantage of the accessibility and scalability of the cloud, the lack of focus on third-party security only creates more risk. Case in point: In September 2015, insurance claim data and other highly sensitive patient information was inadvertently posted on Amazon Web Services after an error was made by claims administration software provider Systema Software. So, what steps can health care organizations take to ensure their partner networks are not putting them at risk? In this slideshow, Brian Ahern, CEO of Threat Stack, provides five tips health care organizations can use to improve their security posture and better protect sensitive patient information.