Tips to Keep Healthcare Data Secure

Tips to Keep Healthcare Data Secure

Although security breaches are on the rise, healthcare companies are beefing up their security practices to successfully protect sensitive data. The lab, in particular, has made great strides in tweaking security practices, especially when it comes to lab equipment, which requires regular software updates to ensure security. With just a few adjustments, healthcare companies can keep their data safe and rest easy.

Why should healthcare
companies adjust their security practices now?

Healthcare companies deal with a large amount of highly sensitive patient data that must be kept confidential and protected. This will only increase as more data becomes available.

Data must stay current, accurate, and remain accessible for the healthcare professionals who need it.

Healthcare data is subject to a higher standard of scrutiny with regard to privacy and disclosure requirements than most other verticals, due to regulations like HIPAA.

security breaches in numbers1

23% of all security breaches were in the healthcare industry.

62% of errors stemmed from misdelivery, where a document is sent to the wrong person.

56% of problems came from an internal threat, whereas 43% came from external players.

Healthcare is the only industry vertical that has more internal actors behind breaches than external, as there is a large amount of error and employee-misuse.

Healthcare is seven times more likely to have a causal error than other industries.

Healthcare is the second most common industry where social breaches happen.

There were 750 incidents and 536 breaches in the healthcare industry last year. (An incident is a security event that compromises an asset and potentially exposes it; whereas a breach is an incident that results in actual confirmed disclosure.)

Miscellaneous error, crimeware, and privilege misuse represent 63% of incidents within healthcare.

Medical data (79%) is the most common piece of information that's compromised, followed by personal information (37%), then payment (4%).

What are the
Challenges CIOs face when it comes to security?

Data: Many CIOs worry about lab partners because they have a lot of data in their control outside of the CIO's organization. Unintentional mistakes happen all the time.

Lab instrumentation: CIOs need to make sure that lab instrumentation receives the proper updates to withstand a ransomware attack and prevent serious patient safety issues.

Talent: Having a workforce that's uninformed of the risks or how to manage them might feel overwhelming, but fortunately, education and training can go a long way.

To sidestep any
inforseen issues, lab vendors should...

Make sure instrumentation has the latest configuration and OS.

Ensure there is a regular schedule for security updates and patching.

Ensure a mechanism is in place to monitor instrumentation so that it can't be hurt by a virus or malware.

These three steps are easy to do and can greatly help keep an organization's data secure.

What are ways to keep data secure?

Two-factor login authentication is an easy set-up and is incredibly effective.

What level of
knowledge should the lab have of cybersecurity?

Labs should be aware of an organization's cybersecurity initiatives.

Cybersecurity is not just an IT function; it's an organizational imperative. If there is a breach on a lab system or device, it affects the whole organization, not just IT. Educating the whole organization about the challenges and strategy promotes widespread awareness.

Suggestions for improvement?

Full Disk Encryption (FDE) is an effective, inexpensive method of keeping sensitive data out of the hands of perpetrators.

Create policies and procedures that mandate monitoring of internal Protected Health Information (PHI) accesses.

Train employees on security practices. For example, a simple reminder that it is inappropriate for them to view patient data, even if they don't intend to do anything with the information.

Don't spread the virus; the most common vectors of malware are via email and malicious websites.

Encourage employees to ask questions, speak up, and identify situations where they see a hole in the security strategy.

How can the IVD vendor be a partner in cybersecurity?

They should be proactive and show how they're taking IT security precautions seriously; try to get ahead of the game with a security audit. Working together is a more powerful solution than working in silos, where communication can fall through the gaps.

Top areas where labs are lax in their practices?

They should be proactive and show how they're taking IT security precautions seriously; try to get ahead of the game with a security audit. Working together is a more powerful solution than working in silos, where communication can fall through the gaps.

1. "2018 Data Breach Investigations Report," Verizon,

Additional resources

  • What went wrong? An exploration in trends and data.
    From Verizon
    Within the 53,000+ incidents and 2,200-odd breaches you’ll find real takeaways on what not to do, or at the very least, what to watch for.

  • Largest Healthcare Data Breaches of 2017
    Posted By HIPAA Journal
    This article details the largest healthcare data breaches of 2017 and compares this year’s breach tally to the past two years, which were both record-breaking years for healthcare data breaches.

  • Healthcare Experiences Twice the Number of Cyber Attacks As Other Industries
    By Ladi Adefala
    Healthcare has become the second largest sector of the U.S. economy, accounting for 18% of gross domestic product (GDP) in 2017, and is rivaled only by U.S. Federal Government’s 20% share of GDP in the same year. Not surprisingly, IT spending in healthcare is keeping pace, reaching $100 billion in 2017.

Previous Article
POC Testing Standardization: Key Steps and Benefits
POC Testing Standardization: Key Steps and Benefits

Standardizing point-of-care testing can be difficult for any healthcare organization. What steps should you...

Next Article
The Value of the Laboratory to a Healthcare System
The Value of the Laboratory to a Healthcare System

As a leader, have you thought about how your lab contributes to reducing costs and improving patient outcom...