Stories of data breaches across all industries continue to make the news, and nowhere is the pressure greater to keep data safe than on healthcare IT managers.
Healthcare IT News states that health data breaches increased by 97% in 2011. The 2012 Data Breach Investigations Report from Verizon's RISK team confirmed that over 174 million records were reported as compromised, mostly as the result of hackers accessing the data. According to the Identity Theft Resource Center 2011 Breach Stats Report, 20% of all data breaches in 2011 were in the healthcare industry.
What is most startling about this report is that, according to the RISK study, 97% of these cases could have been avoided through simple or intermediate security controls. The graphic (see right) is one of the many included in Verizon's study.
Because corporate databases and web servers are the most common places where data is compromised, hackers who gain access to these vulnerable areas mine them for private information such as Social Security numbers, birthdates and credit card information.
Studies like these underscore the importance of establishing network security perimeters and implementing procedures that protect the privacy of patients' information residing on these servers.
IT managers must be vigilant to combat hackers' ever more sophisticated tools and methods, and that begins with better security procedures at the office.
Security Policy and Procedures Document
The first step in ramping up security is to write and formalize a security policy and procedures document that addresses best practice protocols and that encompasses applicable HIPAA and HITECH regulations.
Next, all employees must be trained and expectations for compliance made clear, because it takes a concerted effort on everyone's part to ensure the required protections are implemented consistently.
Secure Data Files In Motion
One of the more popular ways for hackers to capture sensitive data is via the movement of files and documents across the Internet. In an earlier blog post, we talked about how standard FTP is commonly used to send files. However, FTP sends the files in unencrypted form, and offers no protection for the server's login credentials. Once those credentials are captured, hackers can use them to access the FTP server to mine additional data files.
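The exposure described above can be audited from the defender's side. The following is an added example, not code from the original post: it scans an FTP server's command log and reports logins that were sent without a prior accepted AUTH TLS, meaning the credentials crossed the network unencrypted. The log format, session ids, host name and user names are constructed assumptions.

```python
import re

# Constructed server-side command log: "<session> <C|S> <FTP line>".
# C = command from client, S = reply from server. Passwords are already masked.
SAMPLE_LOG = """\
s1 S 220 ftp.example.test ready
s1 C USER billing
s1 S 331 Password required
s1 C PASS ****
s2 S 220 ftp.example.test ready
s2 C AUTH TLS
s2 S 234 Proceed with negotiation
s2 C USER billing
s2 S 331 Password required
s3 S 220 ftp.example.test ready
s3 C AUTH TLS
s3 S 502 Command not implemented
s3 C USER radiology
s3 S 331 Password required
"""

LINE = re.compile(r"^(\S+) ([CS]) (.*)$")

def audit_cleartext_logins(log_text):
    """Return (session, user) pairs, in log order, where USER was sent
    on a control channel that had not been upgraded with AUTH TLS."""
    tls_active = set()    # sessions where the server answered AUTH with 234
    auth_pending = set()  # sessions with an AUTH command awaiting its reply
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        sid, side, text = m.groups()
        verb, _, arg = text.partition(" ")
        if side == "C":
            verb = verb.upper()
            if verb == "AUTH" and arg.strip().upper() in ("TLS", "SSL"):
                auth_pending.add(sid)
            elif verb == "USER" and sid not in tls_active:
                findings.append((sid, arg.strip()))
        elif sid in auth_pending:
            auth_pending.discard(sid)
            if verb == "234":  # RFC 4217: server accepts the TLS upgrade
                tls_active.add(sid)
    return findings

if __name__ == "__main__":
    for sid, user in audit_cleartext_logins(SAMPLE_LOG):
        print(f"cleartext login: session={sid} user={user}")
```

Session s3 is flagged even though the client asked for TLS, because the server refused the upgrade and the login continued in the clear.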
While managing the security of all of the files in the office may seem overwhelming, Managed File Transfer solutions can simplify this task. Used in conjunction with a reverse proxy gateway, they form a much greater security perimeter around the network, servers and the sensitive data that need protection.