Story image

Six tips for improving data security in the healthcare sector

23 Jul 18

Digitisation has transformed the healthcare industry and been the catalyst for significant improvements in patient care but keeping sensitive data safe is an ongoing challenge for the sector.

The stakes are high, given the fact that healthcare records typically contain a wealth of data, of the kind that can be used to perpetrate identify fraud. Records trade at a premium on the black market; providing hackers with a healthy incentive to target practices and service providers.

Security breaches and incidents occur frequently

Collectively, healthcare providers reported more data breaches than any other sector in the first quarter of 2018. They accounted for an extraordinary 24 per cent of all notifications, according to the Office of the Australian Information Commissioner (OAIC), the federal agency responsible for administering privacy and information management policy in this country.

There are many measures healthcare providers can employ to better protect patient records and other sensitive information in their possession. Here are six ways to tighten your security set-up.

Undertake a security audit

Evaluating all the systems and processes within your service or practice can help you get a better handle on the risks you face and identify potential points of vulnerability.

It’s important to do this from a business as well as a technical perspective. Responsibility for data breaches rests with senior management and the OAIC can impose stiff penalties on organisations which fail to report and remediate them in a timely manner. Data breaches can also result in significant reputational damage and a resultant impact on the bottom line.

Check your tools

Using the latest and highest quality equipment has always stood the healthcare profession in good stead. Ensuring your cyber-security tools are up-to-date is equally important. Professional advice may help you to determine whether the measures and software you have in place are providing appropriate protection or if your defences need to be bolstered further.

Check the channels of communication

It’s common for data to be lost or compromised while it’s in transit. Examining the communication methods and channels used by staff – internally and externally – can help you identify possible points of weakness, such as insecure file sharing services. Putting measures in place to ensure employees only use secure channels will reduce the risk of data being lost, leaked or infiltrated.

Educate staff

The majority of data breaches are not caused by deliberate or malicious action. They’re the result of ignorance, carelessness and human error – anything from clicking on phishing emails to leaving an unencrypted laptop on a train or in the back of a taxi.

Ongoing education is the sine qua non of the healthcare profession and this should extend to your organisation’s ICT operations. Conducting regular cyber-security training sessions can help employees understand the risks being faced and the practical steps they can take to ameliorate them. Prevention is better than cure – and ensuring your whole team is alert to the possibility of a cyber breach or attack is the most effective way to lower your risk.

Find an email alternative

Email is a widely used business tool but it remains an insecure way of exchanging the sensitive data that’s routinely handled by healthcare providers. A secure file sharing platform is a more robust alternative and should be used to replace other insecure data sharing practices, such as loading files onto USB drives.

Safe storage

Data sovereignty is becoming an increasingly important issue and knowing where your data files are stored is vital. While most are likely to be on internal servers, some may be kept on cloud-based platforms or on systems owned by third parties. Reviewing these locations and halting the use of those which are deemed to be insecure will reduce the chance of sensitive files being compromised.

Article by Dekko Secure managing director Jacqui Nelson.

Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Hands-on review: The Logitech R500 laser presentation remote
With a clever ergonomic design, you’ll never have to glance at the device, unless you deliberately look to use the built-in laser pointer to emphasise your presentation.
Review: Should you buy the Fitbit Charge 3?
If you are new the to the world of wearables you might be wondering if Fitbit’s new offering is a good first step. Maybe I can help with that.
The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.
Cohesity signs new reseller and cloud service provider in Australia
NEXION Networks has been appointed as an authorised reseller of Cohesity’s range of solutions for secondary data.
Dell dominates enterprise storage market, HPE declines
The enterprise storage system market continues to be a goldmine for most vendors with demand relentlessly rising year-on-year.
Lenovo DCG moves Knight into A/NZ general manager role
Knight will now relocate to Sydney where he will be tasked with managing and growing the company’s data centre business across A/NZ.
Avnet to boost AI/IoT solutions with acquisition
The acquisition of Softweb Solutions adds software and artificial intelligence to Avnet’s ecosystem and bolsters its IoT capabilities.