How Healthcare Organizations Can Prevent Data Tampering
Data tampering is a major concern for organizations everywhere. In fact, according to the recently released “Cybersecurity Insight Report” from CDW, 48 percent of respondents cite data tampering as a top cybersecurity risk. With personal health information on the line, healthcare organizations are particularly concerned, because it can be extraordinarily disruptive if patient data finds its way into the wrong hands.
“Hacked medical records can fetch a premium on the black market, and stolen patient data can be used to facilitate criminal activities, such as insurance fraud, identity theft and extortion,” the report notes.
Moreover, ransomware that holds servers with patient data hostage could potentially compromise care.
Blockchain holds promise for the healthcare industry in maintaining the integrity of patient data and preventing issues with tampering. By offering unchangeable, time-stamped and verifiable records of health data, it could authenticate and provide credibility for electronic health records as well as provide a secure way to share protected health information between providers and with patients.
But blockchain may not enter the picture for several years and, when it does, it’s unlikely to be a panacea for all of healthcare’s security issues.
SIGN UP: Get more news from the HealthTech newsletter in your inbox every two weeks
7 Tips to Keep PHI Threats at Bay
Until blockchain or another more secure technology emerges, healthcare organizations need to take several steps to keep patient data safe. CDW’s Cybersecurity Insight Report offers seven tips on how they can do that:
-
Establish a dedicated security function — While tools, such as firewalls, are an imperative part of any security strategy, so is human capital. Having a dedicated security team can go a long way to keeping systems secure against the most recent threats, getting them back online quickly if an attack strikes and, according to the survey, bolstering cybersecurity funding for healthcare organizations.
-
Have a plan for acting quickly — Time is of the essence when it comes to addressing attacks. “A slow response can significantly increase the impact and severity of a breach,” the report states. For this reason, healthcare IT teams should have a response plan in place, and one that any member of the team can activate to get systems back online as quickly as possible.
-
Budget appropriately for security — Often, it takes a breach for an organization to begin fully funding its cybersecurity needs, but healthcare IT teams can get ahead of attacks by championing the need for cybersecurity funding from the get-go.
-
Tap tech that offers visibility and protection — The right tools can go a long way in preventing a breach or catching it early. The report notes that 35 percent of respondents “identify and assess cybersecurity vulnerabilities using information from patching or antivirus tools, and the same percentage rely on information from Windows Update or inventory management tools.” When it comes to early threat detection, vulnerability scans can also play a large role.
-
Engage with trusted third-party partners — Healthcare IT teams don’t have to go it alone when it comes to maintaining firm and thorough cyberdefenses. Third parties that specialize in cybersecurity can help to bring “a potent mix of tools and expertise” to in-house IT teams.
-
Implement end-user training — Healthcare is the only industry where internal threats pose more of a danger than external threats, according to a recent Verizon report. For this reason, implementing continuous training for healthcare staff — and evolving the training over time — is essential to keeping hospital systems safe.
-
Extend security responsibilities to business and legal teams — While IT teams are traditionally in charge of drafting and enforcing cybersecurity policy, involving business teams can help to create a more holistic approach to cybersecurity. Meanwhile, getting legal teams on board early can help organizations prepare for any liabilities earlier, the CDW report notes.
Not all functions are necessary to keep an organization safe, the CDW report notes, but security layers and flexibility are key in the fight against cyberattacks. “By scaffolding innovative technologies with cross-functional support and heightened security awareness, organizations can take proactive steps toward minimizing security risks,” the report states.