Solutions for the Top 5 Security Vulnerabilities

A recent article from HealthCareITNews.com details the top five security vulnerabilities that “could mean trouble” – that is, result in a data breach. While these risks are entirely valid, the article doesn’t offer tactical solutions or alternatives to reduce said risks. [Note: these security vulnerabilities should be of concern in any industry, not just healthcare – i.e., financial, ecommerce, software, etc.].

So I thought I would respond:

Theft.
The article acknowledges that lost or stolen media, often in the form of a backup tape or laptop, were the culprit for a data breach. The Sutter Health incident involving a break-in and theft of a desktop computer is used as an example. But the article fails to provide a way to prevent the loss of innumerable patient records by media theft.

Keeping ePHI (electronic protected health information) or other sensitive information on secure networks, and not physical devices can greatly decrease the potential risk of allowing thieves access to ePHI. With remote access to networks using mobile devices, the use of two-factor authentication is greatly recommended – it verifies the identity and access level of the user trying reach the data. Read more about this here: Keep ePHI on Secure Networks, Not Mobile Devices, Recommends OCR.

In addition to keeping data in HIPAA compliant data centers with standardized network security in place, investing in an offsite backup solution that doesn’t use tapes can help prevent a data breach.

READ

Reasons Why HIPAA Is Vital For The Healthcare Industry

Mobile devices.
Similar to the theft issue, mobile devices “don’t have the same level of security controls as computer systems,” the article claims. In addition to keeping ePHI/sensitive data off of physical devices, a BYOD (Bring Your Own Device) and mobile policy can standardize users’ behavior when it comes to transmitting, storing and accessing data.

A solid set of policies and procedures, as well as a security awareness and training program can ensure your employees know what is expected when it comes to the use of mobile devices.

Dissemination of data.
Target data sharing between healthcare organizations and third-parties, the article claims the lack of security, tracking and auditing capabilities as a source of data breaches. The article states those that transmit data must “invest in technology and processes that protect the data in transit and at rest.” But what kind of specific technology could do that?

SSL certificates can secure the transit of information from a web server to the user by starting a secure session and encrypting shared data. Encryption for data at rest and in transit should follow the U.S. government, NIST-approved (National Institute of Standards and Technology) AES-256 (Advanced Encryption Standard). Additionally, using SFTP (Secure File Transfer Protocol) to transfer files can help secure and validate the identity of users.

Outsourcing to business associates or third-party vendors.
The article mentions the growth in outsourcing, and the need for business associates, vendors and partners to follow national regulations (HIPAA, PCI, SOX, etc.). The article mentions pre-contract assessments of business associates, and post-contract compliance assessments, but more due diligence should be done pre-contract to minimize as much risk as possible.

READ

Where Does Blockchain Fit Into Healthcare?

Start by asking managed hosting providers for a copy of their Report on Compliance (ROC), for any type of compliance. This means they’ve invested in an independent audit of their facilities and services and were found to be operating at 100% compliance with the standards.

A HIPAA hosting provider should also be able to provide documented policies and procedures of their security practices, dates and signed documentation of employee training, and a comprehensive Business Associate Agreement (BAA) outlining their responsibilities and incident response protocol.

The cloud.
The article gets kind of vague here, stating that cloud computing is popular because it’s cost-efficient to outsource both storage and compliance out to a provider, yet it “adds another layer of potential breach exposure to a healthcare organization.” The article concludes by stating the responsibility of securing information in the cloud is ultimately on the shoulders of a covered entity, which is true, but can be alleviated by doing their due diligence as described above.

Another article I wrote, Outsourcing Cloud Computing Security, outlines sample questions to ask your potential new HIPAA cloud hosting provider. Cloud Computing and Compliance also explains the difference between Software/Infrastructure-as-a-Service.

Healthcare Organizations: Seeking a Cloud Provider? BAAs Required quotes David S. Holtzman of the HIPAA enforcement entity, OCR (Office of Civil Rights):

If you use a cloud service, it should be your business associate. If they refuse to sign a business associate agreement, don’t use the cloud service.

The article also lists important provisions in your cloud contract to minimize security vulnerabilities and ultimately protect your PHI.

References
5 Security Vulnerabilities That Could Mean Trouble

How To Spice Up Conference Calls In The Healthcare Industry

Try These Tips On How To Handle Medical Expense Debt

How to Succeed in Social Media Marketing in Healthcare

The Modern and Portable Oxygen Concentrators That You Need

Try These Tips On How To Handle Medical Expense Debt

Why Meal Planning Is Good for Your Budget & Your Health

How Do I Become A Clinical Documentation Specialist?

How To Get Capital For New Equipment For Your Healthcare Business

How To Spice Up Conference Calls In The Healthcare Industry

How to Succeed in Social Media Marketing in Healthcare

The Modern and Portable Oxygen Concentrators That You Need

What To Know About The Importance Of Healthcare Marketing

Big Data Analytics Is Perfect For The Future Of Personalized Medicine

Reasons Why HIPAA Is Vital For The Healthcare Industry

Why Are Data Breaches So Expensive?

Hospitals Suffer From Denied Claims – Can Proper Patient Identification Help?

Reasons Why HIPAA Is Vital For The Healthcare Industry

Hospitals Suffer From Denied Claims – Can Proper Patient Identification Help?

All That You Need to Know About Clenbuterol

7 Important Benefits Of Electronic Health Records (EHRs)

How Wearable Tech Insights Are Improving Healthcare

The Roles Of AI, IoT, And Cybersecurity In Transforming Healthcare

Top 5 Ways Mobile Apps Are Impacting Health And Fitness Industries

How To Use SMS To Increase Customer Satisfaction In Healthcare

Why You Need To Know The Risks Of Self-Diagnosis

Technological Advancements in The Medical Field That You Should Keep An Eye On

mHealth Apps And Digital Doctors: The Future Of The Healthcare Sector?

EHR For Rural Hospitals: Criteria And Access

7 Tips To Make Sure Your Medical Practice Is Found Online

4 Top Reasons Why App Developers Love Apple Health Records API

Should Healthcare Care About Branding?

How can Healthcare Professionals Manage their Reputation Online

Here’s How IoT In Sports Is Transforming The Field

Seniors And Caregivers Are Utilizing Technology To Improve Quality Of Life

Big Data Analytics Is Perfect For The Future Of Personalized Medicine

How Much Does An Ultrasound Machine Cost?

How Much Does An Ultrasound Machine Cost?

The Impact Of Mobile App Development On Health And Wellness

All That You Need to Know About Clenbuterol

How Has Technology Changed the Medical Sector In 2019?

Big Data Analytics Is Perfect For The Future Of Personalized Medicine

What Will 5G Mean For Healthcare?

How Has Technology Changed the Medical Sector In 2019?

Making Sense Of The Surge Of Voice Recognition Software In Healthcare

The Rise In Medical Malpractice Costs And How They Make An Impact

Nursing Professional’s Guide to Buying Shoes to Prevent Gate Ailments

Robots Are Being Programmed To Perform Spine Surgeries

Acceptance and the Changing Face of Plastic Surgery

What To Know About Nutritional Supplement Packaging Safety

6 Excellent Exercises To Help Rotator Cuff Syndrome

How To Manage Your Fear Of Going To The Dentist

Methods for Protein Purification in Biotechnology

The Truth Behind Hair, Skin, and Nail Supplements

Top AED Models To Minimize Risks Of Cardiac Arrest 2019

3 Things To Consider When Looking For A Heart Doctor

The Value And Criticism Of Robot-Assisted Heart Surgery

Here’s What To Know About Sleep And Heart Health

How To Manage Your Fear Of Going To The Dentist

Dental Don’ts: Four Dangerous DIY Projects That Should Never Be Done

A Guide To Maintaining Oral Hygiene And Dental Health

6 Habits That Are Harmful To The Health Of Your Teeth

Take These 4 Important Steps For Healthy And Happy Aging

Living Alone When You’ve Been Diagnosed With Alzheimer’s

A Guide To Healthy Aging And Happier Golden Years

10 Early Dementia Signs You Need To Be Aware Of

Understanding Hypnosis For Sleep And Its Major Benefits

How To Lose Weight And Eat Food You Love By Tracking Macronutrients

How In-Home Visits Might Help Reduce Childhood Obesity

How Does Fat Leave Your System When You Lose Weight?

The Positive Impact Of Outdoor Activities And Events On Kids’ Health

What All Good Cataract Surgeons Have In Common

6 Excellent Exercises To Help Rotator Cuff Syndrome

Body Pain And Chiropractic Care: How Are They Related?

Four Ways to Banish Back Pain For Good

The Most Important Things To Know When Choosing A Chiropractor

Important Early Pregnancy Signs To Be Aware Of

Prenatal Care: 5 Great Reasons to Get a Prenatal Massage

Are You Healthy Enough to be a Surrogate?

5 Tips for a Healthy Pregnancy

Radiology as an Enterprise Model for Collaboration