Filip Cotfas, Channel Manager, CoSoSys, gives plenty of reasons to invest in data protection to secure patient data and also prevent organisations from becoming insolvent.
Health information has always been considered extremely sensitive and, with the rise of digital healthcare records, the need for its protection has become increasingly urgent. Due to the high volume of data they collect and their often-vulnerable systems, healthcare organisations have turned into a favourite target of cybercriminals the world over. Frequent victims of data breaches, healthcare institutions face not only a loss of customer trust but also hefty fines, as data protection regulations such as HIPAA in the US and GDPR in the EU have moved to place responsibility for data protection squarely on organisations’ shoulders.
From the worst data breach to date, which took place in January 2015 and affected 78.8 million Anthem Blue Cross patients, to the latest news of the American Medical Collections Agency data breach, which is estimated to have affected over 20 million patients this year and has driven the organisation to the brink of bankruptcy, healthcare institutions have plenty of reasons to invest in data protection. But what are the most important ones, and what role does data loss prevention play in them? Let’s have a closer look!
According to IBM Security’s 2019 Data Breach Cost Report, the average total cost of a data breach in the healthcare industry is $6.45 million, 65 per cent higher than the cross-industry average. This essentially means that, besides the loss of patient trust and the damage to a company’s public image, there is also a substantial financial price to be paid.
It is, therefore, less costly for healthcare institutions to invest in data protection measures and ensure data breaches are avoided than to risk a breach and have to pay the considerable bill associated with one. In countries like the US, the risk is often even higher as data protection legislation allows for class action suits. Indeed, many healthcare data breaches wind up in court: Anthem Blue Cross paid affected patients no less than $115 million to settle the litigation, and that on top of the record $16 million it paid to the federal government for its breach of HIPAA.
Protecting their reputation
Besides a ruinous bill that can send healthcare institutions spiralling into insolvency, they also face considerable public backlash associated with data breaches. With the mounting adoption of data protection regulations focussed on protecting individuals’ personal information, data loss prevention is now seen as the responsibility of the organisations collecting, processing and using individuals’ sensitive data. When an organisation fails to live up to the requirements it is legally obligated to follow, it causes a loss of trust among existing patients and generates reluctance in new ones. Individuals are likely to avoid institutions with a proven track record of data breaches. By applying data protection strategies, healthcare organisations can reassure patients that they are taking data protection seriously and staying compliant with regulations adopted to protect their personal information.
While traditional data protection solutions like antiviruses and firewalls are designed to keep intruders out and are an essential part of any data protection strategy, they do not directly address the need to protect personal information, but serve a more general role of protecting an institution’s network and all its data.
This is where data loss prevention (DLP) tools come into play. Designed to protect special categories of data through predefined or customised policies, they can find sensitive data on an institution’s network and monitor it. In this way, healthcare institutions can have a clear picture of where sensitive patient data is stored and how it is being transferred and used by their employees. Practices that make data vulnerable can thus be discovered along with the employees that require additional data protection training.
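The policy-driven discovery described above can be sketched as follows. This is an added example, not code from Endpoint Protector or any other DLP product: the detector names, the `MRN` record-number format, the hit threshold and the file paths are all assumptions, and the file contents are constructed.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Detector:
    name: str
    pattern: "re.Pattern"
    validate: Optional[Callable[[str], bool]] = None  # optional false-positive filter

def valid_ssn(candidate):
    """Structural SSN rules: reject area 000/666/9xx, group 00, serial 0000."""
    area, group, serial = candidate.split("-")
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

# One predefined-style detector and one customised one (MRN format is hypothetical).
DETECTORS = [
    Detector("us_ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), valid_ssn),
    Detector("mrn", re.compile(r"\bMRN[:\s]*\d{8}\b")),
]

def scan(text, detectors=DETECTORS):
    """Count validated matches per detector in one document."""
    counts = {}
    for det in detectors:
        hits = [m.group() for m in det.pattern.finditer(text)]
        if det.validate:
            hits = [h for h in hits if det.validate(h)]
        if hits:
            counts[det.name] = len(hits)
    return counts

def evaluate(files, threshold=2):
    """Report files whose total validated hits reach the policy threshold."""
    report = {}
    for path, text in files.items():
        counts = scan(text)
        if sum(counts.values()) >= threshold:
            report[path] = counts
    return report

# Constructed sample content; no real patient data.
SAMPLE_FILES = {
    "shares/billing/export.csv": "name,ssn,mrn\nJane Roe,123-45-6789,MRN:00412345\n"
                                 "John Doe,078-05-1120,MRN 00412346\n",
    "shares/it/notes.txt": "Ticket 000-12-3456 closed; part no 987-65-4321",
    "desktop/memo.txt": "Call patient re: MRN: 00499999",
}
```

Calling `evaluate(SAMPLE_FILES)` flags only the billing export: the IT notes contain SSN-shaped strings that fail validation, and the memo holds a single identifier, below the threshold.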
Controlling portable devices
Another blind spot of traditional data protection strategies, portable devices are often used as a loophole by both insiders and malicious outsiders. Files can easily be copied onto USBs, for example, and then taken outside of the work environment where they, and the data on them, are extremely vulnerable. External drives, with their high storage capacity, are even more problematic, although more conspicuous than USBs.
DLP tools can block any removable devices from being connected to endpoints or permit connection and transfer of files only onto trusted devices such as those issued by the healthcare institution to its employees or those that automatically encrypt data copied onto them.
DLP tools have become an indispensable asset to healthcare institutions that regularly operate large networks full of sensitive data that is often vulnerable to loss or theft due to overworked or careless employees or malicious outsiders.
DLP solutions like Endpoint Protector are easy to deploy and manage, offering protection on the endpoint that ensures that sensitive data is easily monitored and controlled from a single dashboard. They can also operate cross-platform, guaranteeing that, whether endpoints are running on Windows, macOS or Linux, they are offered the same level of protection. Remediation actions such as deletion or encryption of sensitive data when it is found on unauthorised users’ computers are also available on the dashboard, saving administrators considerable time.