Healthcare organizations have unique security needs

Healthcare organizations have unique security needs

No matter the field, IT workers can take advantage of new developments in systems like mobility and the cloud. However, IT security stipulations may change considerably from one company to another. Healthcare providers, for example, have needs for security that outstrip companies in other fields. Bound by tight regulations and responsibilities for the storage of personally identifiable information for multitudes of patients, the organizations may face special challenges when trying to add new features to networks.

Devices bring risk
Information Management contributors Dianne Bourque and Stephen Bentfield recently explained that the trend toward the consumerization of mobile devices has introduced trouble in the medical field, where a single unsecured phone could act as a hacker's access point or a misplaced tablet could yield thousands of patient Social Security numbers. According to the authors, the HITECH Act has empowered regulators to impose fines for violations of HIPAA. Such fines apply to organizations that leave security gaps.

Bourque and Bentfield noted that companies pondering a move into a bring your own device model should first conduct a thorough sweep of their existing defenses. They explained that some firms may find problems already present, with employees using unsecured phones to access protected files. Penetration testing could be a vital component of this self-inspection process.

Sources of loss
A Kaufman Rossin report focusing on the causes of information loss in healthcare noted that firms should prepare for the theft or loss of portable media, as such events are far more common and likely to yield results than a direct hack. In 2011, for example, hackers compromised 52,374 patient records. Media losses, on the other hand, exposed over 6 million. As technology in the workplace improves, health executives will need to ensure their best practices keep pace.