How Covered Entities Can Build a Culture of Cyber Security

If you’re a healthcare IT professional, this statistic will give you the chills: 81% of healthcare companies have had their networks compromised within the past two years, with 90% of the top ten breaches in 2015 categorized as a “Hacking/IT Incident.”

That’s according to the 2015 KPMG Healthcare Cybersecurity Survey, based on polling of more than 220 healthcare C-level executives. The survey also found that only 66% of executives at health plans felt ready to deal with a cyber-attack, and just 53% of execs at healthcare providers believed they were prepared to fend off a hacker.

You’ve no doubt heard that criminal attacks are now the top cause of data breaches in the healthcare industry. The Ponemon Institute’s 2015 Annual Benchmark Study on Privacy & Security of Healthcare Data, for example, found a 125% increase in cyber-attacks on healthcare businesses in the last five years.

And it has already been widely reported that more than 100 million patient health records were compromised or stolen in 2015 alone.

How the Cloud is Creating Many More Vulnerability Points for Healthcare Data

Clearly, this rise in the theft of patient data suggests that every healthcare IT organization should be devoting more time and resources to making sure its network and all of its electronic protected health information (ePHI) are as well insulated as possible from would-be hackers.

But less obvious is the fact that because so much of patients’ data is now digital — and so much of it is stored in the cloud — healthcare IT professionals might not even be aware of all of the platforms, applications and devices they need to protect.

For example, a recent article by ID Experts — “Medical Data Everywhere: Danger in the Cloud” — cites a study that found the typical healthcare business’s employees use 10 times more cloud services than their IT departments are aware of. Healthcare staff might be using tools like Dropbox or even their personal webmail accounts to store and transmit patient records — in many cases totally unaware of the security and compliance implications of doing so. But because their IT departments don’t know that these cloud applications are being used to transmit ePHI by their staff, they’re unable to monitor or secure them.

Why You Need More Than a Cyber Security Protocol — You Need a Cyber Security Culture

All of these trends underscore the need for a healthcare IT organization to create a company wide culture geared toward cyber security. This means more than simply creating and regularly testing the security of your network’s firewall — although that’s certainly a must-do.

Creating a cyber security culture means instilling in everyone at your organization an understanding of the need to remain vigilant and security conscious at all times when it comes to protecting the integrity and confidentiality of your patients’ data. This includes:

   Training all staff on comprehensive data security awareness and on your organization’s policies, procedures and access controls, for example.

  Deploying a Mobile Device Management platform across the company to ensure that all devices accessing the network are secured and authorized.

  Implementing strict policies regarding the storage of ePHI on unauthorized removable media or mobile devices.

  Ensuring that all transmissions and communications regarding ePHI — including fax — use the most sophisticated encryption and other security protocols.

  Deploying comprehensive network security systems, including intrusion detection software, intrusion prevention software, anti-virus applications, anti-malware software, centralized inventory and patch management software, etc.

  And finally, it includes implementing strict access controls to all ePHI.

As the leading provider of secure fax solutions for the healthcare industry, eFax Corporate can you help ensure your ePHI faxes are always secure, and utilize the strongest encryption (TLS 1.2) to protect against cyber hackers and other malicious attacks.