Handling Data: A Primer

Are you protecting your data?

Remarkably, if you’re like many of your colleagues, no. According to a recent survey conducted by the Healthcare Information and Management Systems Society (HiMSS), more than 30 percent of hospitals are still transmitting data unencrypted, leaving it vulnerable to hackers.

“This … leaves the door wide open to potential tampering and corruption of the data, in addition to a large potential for a breach,” the report reads. “If a computer, laptop, thumb drive or backup were to be stolen, any person would be able to access such information.”

What’s worse is that just 57 percent of acute care facilities and 41 percent of non-acute care facilities cite using intrusion detection systems. And only 78 percent of acute care facilities use some sort of firewall.

“Firewalls monitor and filter network traffic — not having firewalls may leave an organization susceptible to compromise,” the report reads. “Simply put, firewalls are a basic component of network security.”

Read the full report: http://www.himss.org/sites/himssorg/files/2016-cybersecurity-report.pdf

So, with this seeming openness to vulnerability within our systems, what can be done to prevent something bad from happening?

The first steps should be obvious. If you’re uncertain how you’re transmitting your data, find out. Make sure it’s encrypted at all times — not just in transit, but at rest as well. Make sure you have a firewall installed and are using some sort of intrusion detection system.

Once those things are in place, there are other data matters worth considering.

According to another recent study, only one in 10 organizations has so-called “data maturity.”

“These organizations use offsite archiving applications or retention policies, in addition to backing up data with de-duplication, offsite replication or disaster-tolerant replication,” writes Jessica Davis of HealthcareITNews.

Dave Dimond, a chief technology officer at a cloud computing provider, says that one of the biggest issues is that security often times falls on a “lower line of the budget,” and thus doesn’t take quite as high of a priority within the organization. 

“We believe that a detailed plan is where you start,” Dimond says. “To understand cyberattacks, organizations must start to look at the ways it’s currently protected and consider what it takes to create your vault.”

What’s a vault, you’re asking? Good question. According to Davis, a data vault is a completely isolated environment. It’s protected with what Dimond calls an “air gap,” which creates space between the primary system and the backup. The gap opens to sync data and closes immediately, creating isolated protection.

Because of the increase of cyber attacks on healthcare systems, including ransomware, Dimond and his colleagues recommend having a “total recovery strategy” if at all possible.

So, yes, it seems we still have a ways to go to have fully protected data in the healthcare industry. But don’t wait for a bad thing to happen to start taking action. Investigate now and do as much as possible to protect your data.

COVID-19 Resource Center    Visit our Resource Center to stay up to date.​