News Feature | July 6, 2016

Healthcare Security Depends On More Than File Encryption

Christine Kern

By Christine Kern, contributing writer

When Encryption Isn’t Enough: Going Beyond HIPAA To Protect Your IT Clients

True data security means encryption of everything in transit, from end to end.

As healthcare organizations continue to dive deeper into digital, security has been an obvious (and ongoing) concern, especially in light of recent breaches and cyberattacks. But as they try to ensure the privacy of their protected data, it is important to recognize healthcare security depends on more than just file encryption — it must include the encryption of everything in transit, form end to end.

The reason for this is two-fold, according to Revation Systems’ CEO Perry Price, who has more than 20 years of experience with secure telecommunications and whose company helps hospitals transform digitally through a secure, HIPAA-compliant and unified communications contact center solution.

On one hand, hospitals are facing the challenge of the legacy architecture that many are trying to use to deploy their innovative telehealth solutions because many of the older systems aren’t able to handle the latest technological advancements. When older systems meet newer technology, it creates vulnerabilities that allow breaches and cyberattacks to occur.

In fact, according to The Ponemon Institute, “Ninety-one percent of healthcare organizations reported at least one data breach in the past two years, and more than 60 percent of hospitals have no breach response in place.” That means healthcare organizations need to be fully cognizant of their efforts to forestall cyberattacks before they can be launched.

But security in healthcare is about more than just file encryption. It’s the encryption of everything in transit; meaning application-level encryption with everything at rest, the ability to create private keys for single sessions and ensuring every aspect is HIPAA compliant.

Doug Copley, Senior Security and Privacy Strategist at Forcepoint, says, “The risk of data theft is only growing as government policies are driving increasing volumes of healthcare data to be routed across the Internet every day — to health information exchanges, public health entities, healthcare consortiums, and others. To effectively manage this risk, organizations need to keep pace with cyber security innovations to identify the riskiest insiders and data transfers and prevent sensitive data from getting into the hands of the criminals.”

That also means encrypting data at every stage of transmission, including robust controls at entry and exit points to the networks, strong insider controls that protect data at endpoint devices, and appropriate encryption tools throughout.

Ultimately, as more of the healthcare industry becomes digital, it’s vital for providers to get the security part right the first time, before it’s too late to rectify the situation and millions of private medical records are breached.