Guest post by Mike Baker, principal, Mosaic451
Data breaches and HIPAA violations became common, almost daily, news in 2015, exposing sensitive client information with devastating results. Understanding HIPAA compliance will be critical in 2016, especially since the Office for Civil Rights (OCR) will begin a new round of HIPAA audits.
In spite of record spending on firewalls, anti-virus software, malware detectors and the widget of the day, healthcare organizations keep getting hacked because the focus is in the wrong place. Here are three trends emerging in 2016 that can help any organization fight the good fight against cyberattacks.
Buying Technology Alone is a Security Strategy That Does Not Work
Healthcare is under constant pressure to safeguard assets; however, too many firms focus on security for HIPAA compliance and then call it a day. Compliance is a legal necessity, but organizations expose themselves to cyberattack when they use technology as a crutch. Many organizations will need to look at their operations as a critical network and seek ways to defend it.
A majority of breaches involve data that has been stolen through record removal, both virtually and physically. We see the trend in 2016 shifting from technology to people if healthcare organizations are going to defeat hackers.
Focus on the Human Element
Examine the largest data breaches of 2015. Technology did not protect the vast majority of these companies. In each case, data was breached due to hackers successfully exploiting humans.
The proliferation of mobile devices in healthcare, like smartphones and tablets, has also made the human element even more vulnerable because this area of security is often overlooked and is, in fact, the weakest link.
Technology is only as good as the people who use it and is merely a tool in the fight against cybercrime. Technology alone cannot fully protect an organization’s data, networks, or interests. This is a trend in 2016 and beyond that must be recognized if organizations hope to safeguard patient records.
For any organization serious about protecting an asset, the brightest minds must be deployed, and the technology utilized is secondary to the core intellectual capital. This is where Managed Services Providers (MSPs) will become a growing trend in 2016.
Finding the Right Security Mix
The prospect of maintaining a security operations center in-house is a daunting task for even the largest healthcare organizations, because the pool of expertise they can draw from often gets bogged down by everyday tasks such as routine system monitoring, training on new systems and services, helpdesk support and the seemingly endless number of meetings.
Most security personnel, no matter how large the organization, only monitor events, which does nothing to protect against the next breach. Healthcare IT must trend toward a multi-layered approach to protect the organization from both outsider and insider threats. The most effective approach is a hybrid MSP team of the most experienced professionals available who bring with them best-in-class technology. It is important to learn from each healthcare data breach, and understand that technology is not the solution but may be part of the problem.
With almost daily threats from hackers and cyberterrorists and legislation mandating compliance, in 2016 it will be more critical than ever to stay aware, not rely on technology alone, and find the weakest human link and the right security link in order to prevent rather than react and keep patient data secure.