Protecting and Securing ePHI a Top Priority
Preventive Medicine for Healthcare Providers: Fighting bugs and viruses of a different sort
David Finn, Health IT Officer at Symantec
The doctor’s office is changing. It’s becoming much less common to see the rows of filing cabinets filled with paper files on each patient. Instead, healthcare today is driven more and more by technologies such as computers, servers, smartphones and tablets. Endpoints used to primarily mean PCs, but now there are far more methods for accessing files, especially electronic protected health information (ePHI) about patients. Healthcare professionals now have more ways than ever to provide the care their patients need.
Just as our bodies are constantly fighting off germs and viruses, largely without our knowledge, most healthcare employees may not see the battle behind the scenes to protect ePHI from cyber criminals as well as accidents that can expose this sensitive information. But just one data loss incident can be devastating for a healthcare provider. And while we are hearing in the news about sophisticated cyberattacks , endpoint security remains a fundamental part of information protection. A recent survey conducted by Symantec revealed that three-fourths of small to mid-sized businesses feel they are safe from threats such as viruses and hackers. Unfortunately, additional research shows that 36 percent of all targeted attacks are now directed at businesses that have fewer than 250 employees.
This combination – increasing threats to information and that information being stored and accessed in more places than ever before – means that it’s time for businesses dealing with ePHI to make sure they are doing everything in their power to keep it safe. They also need to protect their own financial records and other confidential data. The following are best practices healthcare facilities can follow to ensure successful protection of their endpoints.
Know what you’re dealing with: The first step is to know what information you are storing, and where it is. If you have implemented an electronic medical record and/or practice management system, you should know where those files are being stored. The servers and other machines that have access to that information need the most protection, whereas public information does not require the same level of protection.
Educate employees: Employee education is a significant part of an effective information protection plan, as they are the first line of defense when it comes to keeping endpoints safe. Be sure your employees are not only aware of long-established threats like malware, but educate them on more recent trends such as social engineering. In this newer kind of threat, cyber criminals can use publicly available information from sources such as social networking sites to craft communications ostensibly from credible sources, sending them to employees. Then they trick them into giving away their login credentials, potentially compromising endpoints, security systems and confidential information. Employees also need to remain vigilant with their Internet use and the files they download.
Choose the right solutions: Carefully evaluate your current endpoint protection software. You should standardize on a single solution wherever possible, to present a united front against threats. If you need to update or introduce new protection tools, look for a vendor that can satisfy these key requirements:
- Flexibility: As many businesses begin to embrace virtualization and the cloud, they need to protect both physical and virtual machines. Using two or more endpoint protection solutions is costly and inefficient; be sure your vendor can support both platforms. A simple licensing process will also be valuable as the number of endpoints grows with the business. In addition, more businesses are opting to deploy security as a service, allowing security businesses to utilize their extensive intelligence resources to manage security for clients. This may be especially useful for smaller organizations with fewer IT resources.
- Effectiveness: Threats are diversifying, and in many cases traditional malware protection alone is not enough. Securing endpoints should include the ability to protect against not only the expected viruses and Trojans, but newer forms of malware that exploit emerging vulnerabilities. The ideal solution should be able to analyze files to dynamically identify new threats based on the latest intelligence. For the best possible results, select an endpoint solution from a reputable and trusted security vendor.
- Performance: With the amount of information providers are storing drastically increasing, particularly as electronic medical records become more common, there are more files than ever for endpoint protection tools to scan. Healthcare businesses need a solution that can quickly scan this increasingly large number of files. Deduplication can significantly reduce scan times by reducing duplicate files. It should also be intelligent enough to skip duplicate files in the virtual environment, further streamlining the protection process.
Today’s healthcare providers, from academic medical centers to small physician practices, deal with an enormous amount of sensitive information, and keeping it secure should be the top priority. As part of a multi-layered security approach, ensure that you install sufficient protection on all endpoints, as well as enabling sensible user behavior and intelligently managing where sensitive information is stored. Strengthening your ability to protect ePHI and other confidential files, you can continue to provide the highest quality patient care, knowing that their information is as well cared for as they are.