Healthcare Data Security: Manual Incident Response is Not an Option

Guest post by Dave Willsey, CEO and co-founder, Integrify.

David Willsey
David Willsey

Data security is a top concern of every healthcare provider today. And for good reason. A recent news story from The Wall Street Journal reported that healthcare is “frequently cited as one of the industries most exposed to cyberattack due to large networks with numerous access points and vulnerable, legacy computer systems.”

If there is an industry more vulnerable to hackers today than healthcare organizations, you’d have to search far and wide to find it. Healthcare hacking is a growing problem.  It is a trend that will not change course anytime soon.

Unfortunately, hospitals and other providers present a target rich environment for criminals and malicious hackers. And, to make matters worse, a recent study by researchers at three leading universities concluded that additional threats are coming from within “the house” as clinicians and other staff are taking shortcuts and finding workarounds to security measures in an attempt to deliver better patient care.

The federal government response to this growing threat is two-fold: mandatory reporting of data breaches and financial penalties that sting when violations of protected health information occur.

When it comes to reporting and ensuring continuous improvement to guard against future risk to data security, the number-one best practice today is a well-conceived, executable and automated incident response plan (IRP).

The good news is seven-in-ten providers have an IRP in place. The not-so-good-news is most of those plans are based on manual, labor intensive, error-prone processes. What’s needed to step-up the game for healthcare providers is an automated IRP workflow process. Automation is the only way to protect your data as the threat continues to evolve in the future.

Secure data and information is the chief reason to automate IRP workflow. But ROI is another major business driver to invest in automation. Here’s why – you’ll get quick payback from more accurate information about threats and breaches sooner in the process before they get out of hand; your teams will be able to execute with rapid response times that lead to fast resolution when compared to manual processes; and, finally, automation will bring your leadership team and other key stakeholders a unique capability to apply analytics and intelligence to support and measure continuous improvement in critical processes against future threats.

Automated IRP can provide all users with a simple incident reporting tool across the healthcare ecosystem – if a doctor or nurse or someone in the pharmacy formulary, for example, notices a potential security issue, that user can immediately trigger an automated IRP process. This action would notify the front line responder teams who can then escalate a response if needed.

Effective incident response planning addresses three key areas – people, process and data. With people, it’s very important that the roles of each person handling patient data are well identified and this would include all clinical staff, billing and administrative personnel, insurance agents, IT personnel, outside vendors, contractors, and others.

Continue Reading