Healthcare Gatekeepers Putting Data at Risk

By: Arieanna Schweber | 2/29/2016

We recently released the results of our new report, IT Confidential: The State of Security Confidence, in which we uncovered some surprising truths about the insider threat. In particular, our report revealed that those tasked with protecting data, the “gatekeepers,” were often responsible for putting it at risk. This result was universal across all industries, including highly regulated industries such as healthcare.

We spoke with Healthcare IT News a bit more about our findings in healthcare, exploring the challenges in protecting data from employee misbehaviour, particularly given that many devices containing data are not corporate-owned.

Stephen Midgley, VP of Global Marketing here at Absolute, noted:

“I think in healthcare it's magnified because of HIPAA, HITECH, PHI. So, you can have all the security in place, but at the end of the day, IT is reliant on the employee to ensure security is implemented correctly. Yet, what we find is those very same employees try to find ways to circumvent the security policies that have been put in place."

Many employees are lax about data security on endpoint devices, which becomes the most problematic when IT isn't directly responsible for those BYOD devices. In this case, it’s important that organizations implement technology that is adapted to their environment and allows for complete visibility and control of the devices, regardless of ownership status or location.

We work with many healthcare clients who have successfully implemented Absolute DDS for Healthcare into their data security planning. Absolute DDS provides valuable insight into all of your endpoints and the data they contain, so you can not only have accurate information on the fleet of devices, but set up alerts for events and activities that could be precursors to a security incident. This could include changes to IP address, location and user, non-compliant software installations and much more. Such activities could trigger a security action or simply alert IT, depending on the risk profile set up in Absolute DDS. In healthcare, where data security is tightly regulated, we've worked with organizations that will automatically delete data if a device goes outside a specific area.

To learn more about gaining visibility into the endpoint and better managing data risk, visit our website.

Financial Services