Mitigating Risks In the Wake of Security and Data Breach

Guest post by Tim Cannon, vice president of product management and marketing,

Tim Cannon
Tim Cannon

A study, early this year, found that more IT employers are offering their employees flexible work options. But in the wake of security and data breach, is it worth the risk in health IT?

A report published by the Ponemon Institute in September 2014 revealed 43 percent of U.S. companies surveyed experienced a security breach in the past year, up from 33 percent in 2013. Healthcare organizations are a prime target for cyberattacks, according to a report from the Identity Theft Resource Center. Health and medical companies suffered the most breaches in 2014, accounting for 42.5 percent of reported cyberattacks.

Here are some of the biggest risks health organizations face with a virtual health IT workforce, and how to keep patient data safe:

Email risks
Hillary Clinton recently came under fire for using a personal email address for government business during her time as secretary of state. Not only did her exclusive use of personal emails violate federal record-keeping laws and practices, but also put sensitive information at risk. Her actions remind us that employees are using their personal email accounts for work, whether their employers are aware or not.

Health IT professionals who work from different locations and from different devices could be sharing unencrypted data over their personal emails without password protection. They could be sending work emails from a personal account on their phones or home computers because it’s more convenient than connecting to their work accounts.

Set clear policies on email use and remind employees of the importance of password protection when sending sensitive information.

Network vulnerabilities
To accommodate the remote workforce, networks and cloud-based data storage systems can be accessed from any location. But more employees using the network and accessing data from different places makes it easier for hackers to access the information as well.

Remote workers usually operate out of their home offices. This means they are using their home network, which is usually much less secure than the office network. Sometimes, they also work out of Starbucks and other public spaces that have unsecure Wi-Fi networks. These places also do not have standard security protocols, which means all the data is unencrypted and easy for hackers to steal.

The underlying software of the network needs to be secure, no matter where employees are working from. Securing cloud-based systems is also extremely important. Making sure your servers are up to date with service packs and software updates is critical to close potential holes in your network. Having a strong virtual private network is critical to protect patient information and other sensitive data. Invest in highly protected providers, encrypt sensitive data, and diversify your passwords to avoid security breaches.

Continue Reading