Prime Factors Blog

Operating Inside the Healthcare Industry. Is Your Data at Risk?

Posted by Pete Flagella on Dec 20, 2017 10:00:00 AM


The Problem

When a cyberattack occurs inside the healthcare industry, personal, medical, and even financial information is often stolen, making for a highly desired data set that can be used for identity theft, medical fraud, financial misdemeanors, tax fraud, and insurance fraud. In many instances the data is auctioned off to the highest bidder, resulting in even greater damage than typical financial data breaches and theft.

Healthcare IT systems are often more prone to breaches than the IT systems of any other industry, due primarily to underinvestment in maintaining up-to-date operating systems and devices. In spite of regulations like HIPAA, the HITECH Act, ARRA, ACA, and the HIPAA Omnibus Rule, the healthcare industry continues to struggle with the balance between regulations, patient confidentiality, and adapting to new technologies. This resistance to change is especially challenging because there are constant changes to service provider networks, insurance companies, and medical device technologies. The use of mobile access, which now allows these technologies to work together, adds an additional layer of complexity to protecting sensitive data. Combined, these frequent changes within the technological landscape affect everyone and every aspect of doing business within the healthcare industry.

The recent WannaCry ransomware attack is an example of how vulnerable the healthcare industry is. Hospitals across the UK were forced to divert incoming patients, including those in ambulances, to other hospitals. Many surgeries were canceled, and health care providers were required to revert to manual operating procedures. The attack not only created confusion and delays, but also put the well-being of patients at risk.

Typical breach and infection points include the following:

  • Email attachments
  • Embedded Weblinks
  • Drive-by-downloads
  • Website Advertisements
  • Free Downloads
  • USB drives

Each infection point provides access to critical and highly prized personal information. The crucial line of defense in protecting data begins at the application and database level where most critical information resides.

The Solution

Encrypting data at the application and database level can protect data from being breached. While the number of thefts of medical record data continues to grow, fortunately the level of interest in protecting data is increasing. Among organizations surveyed in 2017, 47% showed awareness of the need to re-evaluate their current IT structure. As cyberattacks become more frequent and sophisticated, that percentage will increase.

While disparate systems and devices bring a significant challenge to the healthcare industry, encrypting sensitive applications and databases where prime data resides is the simplest, quickest, and most cost-effective solution to securing data. Additionally, encrypting data with a cross-platform, integrated, software-based solution can simplify implementation and shorten the time it takes to deploy. Because healthcare IT environments tend to include diverse systems and many users who need access, key management and tokenization can provide authorized access to all or partial data, whether the data is at rest or in motion.

Implementing encryption, key management, and tokenization are extremely effective strategies for protecting the organization and, more importantly, are critical to protecting patient data. Organizations that deploy effective security strategies continuously monitor and update their policies, strategies, and procedures. They are also more likely to be prepared to defend themselves against new threats or more sophisticated cyberattacks.

EncryptRIGHT from Prime Factors can protect your organization. To learn more about EncryptRIGHT and whether you are compliant with industry standards, contact Prime Factors at 888-963-6358 or fill out our online form for a free consultation.

Topics: encryption, PCI Data Encryption, PCI Data Security Standards, PCI Compliance, health information security, PCI DSS, hippa, healthcare security