The amount of endpoints on healthcare networks is growing exponentially, from BYOD and corporately-owned mobile devices to a host of IoT devices such as printers and smart appliances. All are brought in with the well-intended motive of improved productivity but when you combine device proliferation with healthcare organizations’ legacy systems and inadequate security budgets, it’s easy to understand why interoperability is such a pervasive problem in healthcare today. Better endpoint visibility and control is needed now.
Add to this mix, mistake-prone employees who lose devices or see them stolen, click on a phishing link or inadvertently send Personal Health Information (PHI) across insecure channels and you’ve got a recipe for embarrassing, costly leaks of sensitive data, not to mention the likelihood of hefty fines from regulatory frameworks like HIPAA and HITECH.
Unfortunately, response is little better for most. A recent Ponemon study found that traditional endpoint security approaches are ineffective and cost enterprises more than $6 million per year and result in poor detection, slow response and wasted time. Without better endpoint visibility and control, healthcare organizations will continue to experience financial losses associated with data breaches and even ransomware, as Hancock Health most recently did.
Healthcare organizations must better address interoperability, protect data and maintain HIPAA or HITECH compliance. Adding fuel to this fire is the coming General Data Protection Regulation (GDPR) framework set for enforcement in May 2018. Massive fines could be on the line if appropriate data security measures of European citizens aren’t met.
To maintain control over critical PHI or other sensitive data, healthcare organization should consider the following 3 approaches:
While the financial implications of attacks on healthcare data are obvious, it’s the impact these breaches have on the safety and privacy of patients that places the greatest impetus on the need to correct these critical gaps in data security.
To get a better assessment of where your endpoint security stands or potential considerations when evaluating or strengthening your healthcare cybersecurity posture, check out Absolute’s healthcare resources.