Healthcare Industry Dodges Catch-22

By: Susan Asher
Healthcare organizations are caught in a daily paradox reminiscent of Joseph Heller’s best-selling novel about WWII, “Catch-22,” a term which has come to mean “a contradictory or self-defeating course of action.” Now, with all the media attention over data security concerns surrounding personal health information (PHI), healthcare organizations need to be especially careful about securing their infrastructure.
Medical professionals need to be able to send and receive patient data to deliver care at the fastest speed, but it must be done securely to protect confidential information. The catch remains: How do healthcare organizations release patient data to medical professionals yet diligently protect patient records and personally identifiable information?
The best way to protect your data is by assessing your network to spot weaknesses before hackers do. Then you can patch the vulnerabilities and secure your system.
A third-party security analyst who reviews systems daily knows the problems and concerns that other healthcare organizations face and can best help you with solutions tailored to fit your needs and budget. An outside analyst who sells no products can take an unbiased look at your system and identify existing vulnerabilities to help you prevent the loss of private data. Unlike a company employee who is used to looking at your system, a third-party analyst can look at your network with a fresh set of eyes to assess how secure your system is and where you might be able to segment data so that it is better protected. Additionally, an analyst can help you decide what parts of your network would be most beneficial for you to scan, what tests to run throughout the year, and when to run them.
At Dell SecureWorks, our analysts work with large and small healthcare organizations to address risk and compliance security standards for HIPAA and PCI, as well as Meaningful Use, Healthcare Mobile Device Security and Application Security. Many small healthcare organizations we see are not aware that cyber thieves target them. Thieves do so because they know many smaller organizations do not properly secure their networks. Small healthcare organizations are not exempt from being fined for security violations. Earlier this year, the Office for Civil Rights, which oversees and enforces HIPAA, fined a hospice to settle a breach claim case that involved fewer than 500 patients. The Hospice of North Idaho agreed to pay the Department of Health and Human Services $50,000 for failing to conduct an adequate risk analysis.
In Heller’s novel, patients feign good health to get out of the hospital ward when an unlikable American bombardier fakes illness to relax there. But there’s no feigning good health in cyberspace. Either your network is healthy or it isn’t. Without an assessment, you’ll never know until it’s too late.