What Healthcare Organizations Have to Say About Information Security

By Mike Smith   10.29.2018   Data Security

New research published by HIMSS Media highlights the top security concerns of 180 security experts in the healthcare industry, along with their proposed solutions for mitigation.

The top concerns include:

  1. Privacy concerns under HIPAA (59%)
  2. Lack of security architecture for protecting PHI (45%)
  3. Tight security budget (41%)
  4. Limited talent resources (39%)
  5. Lack of internet policies (27%)
  6. Defining/implementing business associate agreements (27%)
  7. Lacking BYOD policy (14%)

In summary, healthcare organizations appear to lack the technological innovation, cyber-security skills, resources, policies and agreements needed to adequately protect their sensitive data. The next question is: what are hospitals actually doing to tackle these issues?

Training and On-Boarding

In order to deal with the lack of security professionals, 58% of respondents said that they were focusing on training staff members on security best practices. This also includes encouraging employees who have demonstrated success to share their knowledge with their peers – according to 34% of respondents. Given that humans are the weakest link in most organizations, a focus on training is an essential route to take. In addition to training, 29% said that they are seeking new security professionals to join their team.

Enhancing Privacy Policies

51% of respondents said that they are working with both legal and compliance teams to enhance their privacy policies. Under the HIPAA regulations, organizations must ensure that they limit the circumstances in which an individual’s PHI may be used or disclosed by covered entities. The regulations also require all health plans and covered health care providers to develop and distribute a clear, user-friendly explanation of individual rights with respect to their PHI and the specific privacy practices of the organization.

Improving Technological Infrastructure

Many healthcare service providers are still using outdated technology, which presents a security risk. 37% of respondents said that they are going to establish a committee whose role is to assess the potential security impact of new technologies, and 28% said that they were evaluating and piloting new technologies. 32% of respondents believe that it is important to work with trusted and well-established vendors. Of course, the introduction of new technologies will require financial support, which is why 26% of respondents are looking to secure additional funding from senior executives.

Co-Ordinating Security Practices Across Departments

Naturally, without a well-documented security strategy, the risk of a security incident will be much higher – a view held by 49% of respondents. With the help of security consultants to facilitate the co-ordination of security projects, all departments must be briefed on this strategy, to ensure cross-departmental alignment on security best practices (38%).

Given the limited resources available, the phrase “work smart, not hard” should be the mantra for all healthcare service providers. They need to pay close attention to the security risks posed by their own staff, as well as third-party contractors. Educating all relevant stakeholders is crucial to mitigating costly errors; however, monitoring access to privileged user accounts and documents that contain PHI should be a priority. Advanced security auditing solutions, such as LepideAuditor, provide healthcare enterprises with the insight they need to determine the exact who, what, where and when of sensitive data being accessed, moved, modified or removed. They do this by placing data at the heart of cybersecurity.

Such solutions enable you to identify where sensitive data is located so that you know where the most likely threats are going to come from. They will also enable you to see who has access to the data so that you can spot users who are overly privileged and keep a close eye on those with access to your important data. LepideAuditor will then be able to generate hundreds of pre-defined reports and alert in real time on user behavior surrounding your critical data, as well as potentially damaging environment states and changes.
