How to Eliminate the Biggest Threat to Healthcare Privacy and Security: Print and Capture

By Mark Gross, senior principal product manager, Kofax

Mark Gross

When it comes to data security, healthcare organizations are stuck between a rock and a hard place. To provide proper patient care, their staff needs access to the right information, and quickly. At the same time, the law requires them to protect the sensitive data included in electronic medical records (EMR).

A wide array of devices are used to collect and transmit patient data – including computers, mobile devices, IV pumps and X-ray machines. Today, all of these are connected to the internet, the hospital network and other medical technologies, even though many of them have few, or no, security protocols in place.

The situation’s made even more complex by the public nature of hospital environments. Many connected devices containing sensitive data are left unattended, leaving the entire network exposed. The result’s an increase in cyber and data security threats.

Right now, nearly all healthcare organizations are facing an added challenge brought on by the COVID-19 global pandemic. Many healthcare workers aren’t working in their normal environments, they’re helping in other departments, hospitals and even pop-up field hospitals. With all the displaced healthcare workers, their normal print and capture workflows are left behind with their devices—and the security of the patient data contained in documents printed or scanned elsewhere may be at risk.

Healthcare organizations need a comprehensive security strategy to protect against a breach. The best of these is a systematic approach that tests all connected devices for vulnerabilities. Once identified, security threats should be prioritized so the most severe can be addressed quickly. Regular software updates and patches are just as important, as is replacing outdated equipment with new devices that have security built in.

Because they don’t stand out as threats, multifunction devices, printers and imaging devices are often overlooked during security reviews. In reality, however, both of these handle a lot more data than people realize.

The hidden security problem in healthcare organizations

A close look at the data demonstrates just how prevalent and damaging security breaches are in the healthcare world. Across all industries in the United States in 2019, there were 1,473 data breaches with over 168.68 million sensitive records exposed. However, it’s not just cyberattacks that cause harm. According to data from Ernst and Young, 34 percent of organizations see careless or unaware employees as the biggest vulnerability.

Healthcare data breaches, in particular, are on the rise. Consider:

Exposed medical data can cost healthcare organizations millions of dollars in federal and state fines, civil actions, corrective action plans, credit monitoring, identity theft and lost business. In 2016, Advocate Healthcare Network paid $5.5 million in fines for multiple violations that jeopardized the electronic health records of more than four million patients.

HIPAA penalties alone range from $100 to $50,000 per violation. Fines are classified into tiers according to whether the offending organization should’ve been aware of the breach and the precautions it did – or didn’t – take.  Simply put, taking the necessary steps to prevent and identify breaches before they occur minimizes the fines that loom if an incident does occur.

Healthcare organizations can’t afford to leave any device out when implementing security measures. At first, printers and imaging devices may seem basic and safe enough, but they’re actually a hidden threat within hospitals and healthcare offices.

As HP’s Enrique Lores says, “Unfortunately, printers have joined network computers, laptops, tablets and smartphones as increasingly popular entry points for hackers and careless (or unscrupulous) employees to breach networks, steal sensitive data or cause digital mayhem.”

The constant flow and turnover of people in healthcare facilities makes it too easy for criminals to take advantage of an empty workstation to wreak havoc and steal documents. As more organizations expand mobile access to printers, control becomes even more lax.

Employees may print a sensitive document remotely and either leave it sitting for hours before retrieving it, or simply forget about it altogether. Yet only 18 percent of companies monitor printers for threats, according to a Spiceworks survey sponsored by HP. Clearly, the number needs to change.

The content-aware print and capture solution

Healthcare organizations must implement greater controls over when and how documents are printed and who has access to output trays. The first step is to create a print security framework including devices with security built-in and content-aware print and capture technology.

Traditional print management tracks items such as where a document was printed from and who printed it. Content-aware print management tracks all of this information, plus the contents of the document itself. A comprehensive, advanced content-aware solution combines print, capture and output management to minimize security breaches and reduce compliance costs.

When looking for a solution, make sure it provides the following features and functionality:

Unified printing, scanning and automated workflows help healthcare organizations manage, secure and govern sensitive documents. Workflows and process automation make sure the right information gets to the correct people. Automatic audit trails generate credible reports to demonstrate compliance.

In the event of exposed data, audit reports can document the due diligence an organization took, helping to reduce fines. And during this chaotic time, as healthcare organizations focus on treating COVID-19 patients, print and capture workflows follow healthcare workers no matter where they go – with the proper levels of security maintained.

Content-aware print and capture technology gives healthcare organizations the power to secure one of the biggest security threats that’s hiding in plain sight. With it, they’ll improve security, productivity and compliance – and work like tomorrow, today.

Write a Comment

Your email address will not be published. Required fields are marked *