The world of technology keeps evolving, and with it, the level of threat.
Unfortunately, statistics in 2017 proved that companies in the healthcare sector are not only less prepared to face the challenges, but also more likely to be susceptible to malware attacks. The good news is that the most common vulnerabilities in healthcare security are well known and can be mitigated.
Known Security Vulnerabilities in Healthcare
Those in the healthcare industry carry more risk than other organizations because of HIPAA requirements and protected health information (PHI). Any information about health status, provision of health care, or payment for health care that is created or collected and can be linked to a specific individual must be secured and protected under U.S. law. We have compiled the top 5 vulnerabilities that may affect PHI compliance, and which you should be aware of and prepare for.
- Mobile Devices: As more and more employees have access to PHI via mobile devices, you can no longer simply secure the data in one place. These devices may include PDAs, iPads, flash memory cards, and thumb drives. These devices don’t have the same level of security controls as computer systems, and are responsible for a growing number of breaches. Healthcare security must include a way to safeguard information on these devices.
- The Cloud: The cost efficiency of cloud computing makes it a viable option for many healthcare organizations, but also adds a layer of complexity to maintaining PHI. The organization is ultimately fully legally responsible for any breach that violates HIPAA statutes and regulations, even if it occurs offsite “in the cloud”. Healthcare organizations need to have a way to monitor and protect the data when it goes into the cloud.
- Distribution of Data: Many of the breaches in the healthcare sector occur when data is transferred between the organization and a third party, such as between a doctor and an independent laboratory. Even if your organization has strong privacy controls, the receiving organization may not. Companies involved in the transmission of data need to investigate ways to protect data both in transit and after arrival. There should be a policy in place to audit third-party partners for HIPAA compliance.
- Outsourcing to Third Party Vendors: Outsourcing is common across all industries and has grown ever more popular as a way to reduce costs and minimize overhead. Your outsourcing partners may include business associates, suppliers, vendors and tangential services with which you share data. Despite the importance of partner compliance, it is estimated that only one third of healthcare organizations properly ensure that partners maintain it.
- Cybercrime, Theft and Fraud: Lost or stolen data is increasingly becoming a problem for all businesses, and healthcare is no exception. Whether it involves physically stealing a computer or hacking into the system to obtain private data, criminal behavior is behind some of the most significant data breaches in recent years. In addition to providing adequate physical controls such as card key entry and restricted access, healthcare organizations should protect their data with firewalls, anti-virus software, updated software and strong passwords.
While confronting the issues of data security and PHI privacy may seem overwhelming, identifying these known vulnerabilities gives you a place to start. By addressing these common problems, you will go a long way towards having a strong and comprehensive enterprise-wide plan. If you need advice on how best to guard against the pitfalls of distributed computing, partner relationships, and rising cybercrime, call Alliance IT. We solve these issues every day, and can provide the expertise you need to achieve your security goals.