Almost every week you read about a malicious security attack – one that has comprised consumer data, credit card information that was stolen or another case of identity theft. Maybe it’s even happened to you. Although the media tends to focus on what hits consumers’ pocketbooks, the harsh reality is that cyber criminals and those with malicious intent are looking for a bigger score, which could be your organization…
Consider this fact: A credit card record on the black market may fetch $2, but patient records like those you keep in your organization demand between $60 and $70.
Think about your own organization. Do you use cell phones or tablets? Even if you think those devices are “secure”, they can still leave the door open for malware and worms to jump from phone to phone or system to system over wireless data networks, leading those with malicious intent directly to your patients’ data and records.
You can read all the scary statistics, but what matters most is what you are doing about it…
What Are the Risks and Solutions?
1. Establish security standards and practices for mobile use. You likely already have security practices in place for in-office procedures. Now it’s time to take this a step further and draft a comprehensive mobile device policy that addresses the appropriate use of mobile tools and devices, particularly involving information access. If possible, implement a mobile device security program to prevent the transfer of information, whether to a customer or another employee.
2. Build standards for document security and sharing. Speaking of mobile, you may be like many other organizations that have invested heavily in mobile health (mHealth) applications. This seems like the perfect solution to communicating effectively with patients; however, what reassurance do you have that your partner takes security as seriously as you do? A recent study found that 66 percent of mHealth apps that sent identifying information over the Internet did not use encryption, and 20 percent did not implement a privacy policy. It’s absolutely terrifying to think that if there is a breach that results from a data transfer, your organization can be liable…
By having clear control points for transferring information, and having clear document security measures in place, you gain control in knowing who is involved in the process.
3. Fortify your protection. Most small organizations rely on firewalls thinking that they are secure. However, these single-point security measures no longer cut it. Every healthcare organization needs to implement a secure system to detect, resolve, and notify critical parties of vulnerabilities or other security events, such as attacks. Mobile devices are becoming one of the most vulnerable tools in a healthcare organization’s technical infrastructure. The cold, hard truth is that many organizations make the huge mistake of thinking that they are secure, and no one ever thinks a data breach will happen to them, but it does… In a recent study that analyzed healthcare data breaches between 2010 and 2013, 32.7 percent of the data breaches came from mobile electronic devices or laptop computers, which totaled to nearly 9.5 million compromised records.
The Minimum is No Longer Enough…
Now that you are probably thinking about your own security practices, and maybe even feeling a little nervous about where your organization might be vulnerable, start by asking yourself these questions:
√ Do we have a clear mobile device security policy?
√ Can our employees and executives cite the key points of the policy from memory?
√ Do we have a “zero tolerance” policy for patient data transmitted over personal mobile devices?
√ Is there a system of accountability when it comes to accessing data on company owned mobile devices?
√ Do we have a secure system in place for data transfers via appropriate mobile devices?
√ Do we have a secure system in place to protect stored data?
If you unable to confidently answer YES to each of these questions, then it’s time you do something about your security. The minimum is no longer enough…
Discover Where Your Organization is Vulnerable
In our work, we often find that painless changes yield the biggest results, and the biggest vulnerabilities aren’t those you consider first.
Servers, malware, network security, mobile devices, policies, procedures, accountability – do you know where your organization is safe and where your organization is vulnerable? Find out in a no-charge risk assessment.
