Ipswitch

By Ipswitch | 12:02 pm | May 17, 2016
Healthcare organizations are dealing with an epidemic of threats to the security of electronic health records (EHR). From breaches to ransomware to employee data violations, the work of securing healthcare data while meeting data privacy compliance demands faces a heightened threat level.

Rise of the healthcare epidemic

A perfect storm of events is causing an increase in cybercrime: national laws and policies have encouraged healthcare organizations to move to EHR (98 percent of hospitals in the US); technology is available to ease the transition to EHR; and EHR has a high value on the black market (FBI Cyber Division Private Industry Notification #140408-009, 8 Apr. 2014, puts the value at $50 for each partial EHR).

In addition, there is increased pressure to innovate to stay competitive by delivering differentiated services. Healthcare organizations are now leveraging technology and information systems to reduce costs, improve the quality of care and make it easier for patients to be proactive in their own healthcare. This has revealed new capabilities for healthcare staff to do their jobs more efficiently, but with every technology advancement comes the challenge of ensuring that the technology is easy to use, reliable and secure.

While cyber criminals are a growing threat, as seen in the recent ransomware debacles, they can’t be the only area of focus in protecting EHR. In the recent 2016 State of Data Security and Compliance Report published by Ipswitch, Inc, more than 500 IT professionals (91 in healthcare organizations) from around the world were surveyed about their data security policies. Those in healthcare organizations that identified as having experienced a significant data loss noted that only 20 percent was due to malicious activities, while 45 percent was due to human error and 35 percent due to process or network failure. Interestingly, in that same report only 34 percent in healthcare reported their organization as very efficient in identifying risks and 42 percent as very efficient in mitigating risks.

No silver bullet to protect EHRs

There’s general agreement in the IT community that, given the complexity of modern healthcare technology, there is no silver bullet for EHR data protection. Employee behavior is a critical risk, including loss of personal devices without adequate access control or EHR data encryption, and unknowing participation in social-engineering exploits. And while more than 80 percent of hospitals in the U.S. have electronic medical records (EMR) systems (4567 of 5627) that offer protection of EHR, there’s a continued need to securely send and receive EHR externally. EHR is increasingly vulnerable when in motion outside of protected healthcare infrastructure.

HIPAA/HITECH identifies IT controls to protect data, including encryption, network perimeter defense, effective access control and employee training, and yet data loss is a growing trend. A deputy CISO from a large healthcare organization at the recent Secure World Conference in Boston said that his primary focus is no longer on HIPAA compliance. It’s just a given that any new technology they consider must comply. When talking with technology vendors, he’s now more interested in their capabilities to help identify and mitigate risks.

To learn more, join the upcoming HIMSS Media webinar, Combatting the Epidemic of Healthcare Data Threats with John Houston, VP Information Security & Privacy, UPMC (University of Pennsylvania Medical Center). During the webinar, you’ll learn:

- What are the essential IT controls to protect healthcare data-in-motion?
- What are tips and tricks to cost-effectively pass your next audit?
- What are practical strategies, including automation, to cost-effectively reduce data loss?
- Which file transfer and sharing technologies help or hurt your data protection?

For additional resources to learn how you can protect your EHR data-in-motion visit https://www.ipswitch.com/resources/case-studies/rochester-general-relies-on-moveit-to-transfer-medical-records-and-meet-hippa-hitech-compliance  
By Ipswitch | 06:02 pm | May 03, 2016
Given the increase in threats and vulnerabilities introduced to the market on a daily basis, the process of moving protected healthcare data securely is critical to the role of IT teams in healthcare organizations. Considering the demands that IT teams must meet in order to comply with data privacy laws and industry regulations such as HIPAA, IT professionals are in a continuous battle for file and data security.

In this recently published report by Ipswitch, over 500 IT professionals around the globe were surveyed about their use of data and file transfer solutions and the policies in place at their organizations. The global findings show that while 82 percent of healthcare IT professionals believe securely transferring and sharing files is very important, only 30 percent have policies that restrict insecure cloud file sharing services. In the US, 38 percent of healthcare IT respondents stated they use cloud file sharing services, but only 40 percent have policies in place that restrict their use. The results were even more surprising in Europe, as only 20 percent of IT organizations stated they have policies in place. This is a significant concern, as sensitive information such as patient records and medical data is outside IT control and vulnerable to data loss and breach. While IT teams are aware of the issue, employees are continuously circumventing IT-approved solutions by using these insecure services, placing the organization and its data at risk.

The report reveals that while external threats that lead to data loss are still prevalent, internal threats represented the most common cause of data loss. In the US, 72 percent of respondents shared that human and processing errors are to blame, significantly outweighing external attacks and breaches. Meanwhile, 21 percent of IT professionals said they may have experienced a data breach or suffered data loss but are not sure.

Identifying and mitigating risks is critical to protecting data. However, the report shows that more than a third (38 percent) of IT professionals said their processes to identify and mitigate file transfer risk are not efficient.

“The survey findings point to an obvious disconnect between IT and organization leadership when it comes to file transfer security,” said Paul Castiglione, Senior Product Marketing Manager at Ipswitch. “IT teams need to voice this as a priority for 2016 to ensure the company has granular access control, automated policy governance, and protection of data in transit and at rest. By implementing an MFT solution and enforcing strict policies, IT teams can make sure sensitive company data is safe and secure, without hassle.”

To learn more, check out the 2016 State of Data Security and Compliance blog by Ipswitch. Get your FREE copy and learn how leading edge healthcare IT teams are meeting data security challenges.