As ePHI continues to attract hackers, it is crucial for health care providers, including staff, admins, IT, and anyone who interacts with ePHI, to better understand threats and how to securely access and share data. Education and training will help solve some of the most common ways attacks happen. For example, knowing how to avoid social engineering tricks, like identifying suspicious emails that can infect systems with malware, may prevent a ransomware infection that could shut down their EHR system. Some hospitals that suffered from the WannaCry ransomware attack were forced to revert to using pencil and paper with their patients. For health care IT, it means better-understanding the threat landscape and potential vectors into this valuable data and performing a risk analysis.
As health care systems continually become more connected, data is everywhere – in the cloud, on laptops, tablets, and other devices – all controlled by IT. Knowing how to identify, react, and prevent hackers from accessing these target-rich environments will decrease breaches in the future.
Demand for better access to our health data continues to grow, and expectations will increase for easy, fast, and secure means for sharing patient information. Health care professionals must continually assess risks, define policies for information security, educate and train employees on proper IT hygiene, and look for technology solutions that help them achieve better security. With so much at risk these days – including monetary fines, reputational risk, and ultimately patient satisfaction ratings, properly training staff and mechanisms to share ePHI securely can help address the significant consequences of data breaches.
About the author: Bill Ho is CEO of Biscom, and is a recognized security expert for some of the most regulated industries, including healthcare. Bill received his BS in computer science from Stanford University, his MS from Harvard University, and his MBA from MIT’s Sloan School of Management.Back to HCB News
