Thursday, February 27, 2014
Healthcare data struggles point to importance of secure file sharing
Of the industries that require the highest degrees of protection for data resources, the healthcare sector is certainly among the top.
Of the industries that require the highest degrees of protection for data resources, the healthcare sector is certainly among the top. Not only is personal health information strictly regulated by law, medical professionals depend on rapid access to comprehensive, up-to-date, accurate information so they can treat patients and make on-the-spot decisions. Although not all companies face the same urgency for data access and protection, most organizations have valuable and sometimes sensitive data that needs to be kept secure while also made available to employees. Therefore, many of the data management challenges the health industry is facing provide lessons that cut across industries, calling for better secure file sharing and managed file transfer solutions.
Data management struggles in medical centers
According to a recent HIMSS Analytics study, hospitals are using outdated and inefficient methods to back up their increasingly large banks of data. In addition to having low-performance, high-cost processes, these medical facilities are putting data and their organizations at risk because their systems do not adhere to regulatory guidelines for information security.
"The amount of data flowing through our healthcare system today has rendered the old ways of managing it obsolete," said Michael Leonard, director of product management of Healthcare IT Services for Iron Mountain. "If you look at this survey, you'll conclude that most hospitals continue to treat all data the same and don't sufficiently tier it based on its importance and access requirements."
Part of the problem consists of how healthcare organizations segregate their data for management and storage, the study found. Whereas about 30 percent of the information is actually needed on a day-to-day basis, the medical centers treat 75 percent as "active," storing it for immediate access rather than maintaining it in a more cost-effective manner. The report also indicated that almost a third of healthcare organizations don't have backup and disaster recovery plans in place, which is particularly crucial for medical facilities that need to keep treating patients during periods of downtime and system failures.
In addition to these data management issues, healthcare providers often resort to insecure methods of sharing information, which departs from regulatory compliance. This includes sending data about patients via text message or email, AudioEducator said. InformationWeek indicated that failure to adhere to best practices, such as strong passwords and optimized networks, is also introducing vulnerabilities into healthcare data centers. Bolstering security across organizations includes making sure systems are updated and running on newer versions of software and operating systems.
"A lot of equipment that you find in hospitals is actually hardware that's running Windows XP Embedded, and it's not getting patched on a regular basis," Craig Young, a Tripwire security researcher, told the source.
Healthcare organizations need better collaboration tools
With over half of healthcare professionals working remotely, the need for secure file transfer and collaboration tools is exceedingly urgent, InformationWeek asserted. Because of the highly sensitive nature of health information, medical facilities need to provide tools for their employees that facilitate cooperation while upholding industry standards for security. The Cooperative of American Physicians advises against texting protected health information because this practice is insecure and violates HIPAA regulations, AudioEducator explained. However, clinicians often need to communicate quickly with their colleagues to consult about a patient's care, so they need solutions that give them the ability to discuss health details within an appropriate environment. Communicating with patients via email or health portal also requires security precautions, the source added.
A SANS Institute study conducted from September 2012 to October 2013 revealed that 375 different healthcare networks had their data compromised by attackers during that time period, InformationWeek reported. These numbers point to the need for better security practices, despite the fact that health organizations already tend to have more protected systems than other industries, the source continued. Data breaches, whether caused by malicious cyberattacks or stolen hardware, can result in significant financial and public relations consequences.
Like the medical sector, organizations in many industries need to protect their information while allowing employees to access, share and collaborate on documents. To create a secure environment, companies should make sure their systems are updated and have top-notch security measures installed. They should also seek file sharing and data management solutions that give employees convenient, intuitive options for completing their tasks without putting information at risk.