Guest Column | March 31, 2016

The Perils Of Storing Key Content On-Site

HITO Antonis Papatsaras, SpringCM

By Antonis Papatsaras, chief technology officer, SpringCM

“Electronic medical records led to quite the unique hostage situation in Los Angeles [recently].”

That’s what The Washington Post wrote about a computer hack at an L.A. hospital, prompting the hospital to pay $17,000 in ransom to the hackers.

Hackers used malware to lock access to certain computer systems at Hollywood Presbyterian Medical Center, preventing staff from sharing medical records electronically.

This incident has prompted questions as to how the hospital stores and manages its records. The medical records were stored electronically on an internal server, but it’s unknown whether its network infrastructure provides a tiered level of security, whether its IT staff properly encrypted the information, trained staff on anti-phishing techniques, or conducted frequent security and vulnerability audits.

Furthermore, it is not clear whether the right policies and procedures exist internally to ensure the right employees have access to sensitive data and a full audit trail of every action taken is available. All of these, and more, should be the responsibilities of the organization running the internal IT operations, and in this case, it was the hospital itself.

The news shed light on how important documents are being stored and shared in a world where computer-hacking is becoming more common. What if contracts, the revenue-source for a company, were suddenly not accessible?

A 2015 industry survey found 60 percent of respondents store contracts on shared drives. More than 30 percent said they still store contracts in file cabinets. These methods open an organization to huge risks.

Here are three potential costs of storing contracts on-premise:

IT Support
On a home-grown platform, security will only go as far as the skill of your IT team. In order for an IT team to compete with hackers, the organization would need to invest more money to support initiatives like:

  • ongoing IT training
  • 24-hour support
  • self-risk assessment and vulnerability scanning processes

While costly, these steps are necessary to keep the IT department adaptable to cyber threats and up to speed with the constantly changing security requirements.

Increased Risk Of Human Error And Devalued Data
When contracts and medical records are stored on shared drives, desktops, or file cabinets, it means documents can only be shared through channels like email or fax. Each time a document is sent, a new version is being introduced. Couple the versions from one transaction with all the other transactions in process, and it becomes very easy to pick up the wrong document.

The wrong contract, for example, could have outdated terms or prices that allow the customer to pay less or back out of certain agreements, all which reduce the value of the contract. Keep in mind, email accounts are common targets for hackers, so it’s a best practice to avoid emailing important documents in the first place.

Spending Time (And Money) Finding Key Records, Contracts
For medical staff, time is money. Whether it’s closing a contract or renewing it, the faster it’s done, the faster the provider can realize revenue. Since professionals are handling multiple contracts at once, one can imagine how long it could take to search through shared drives or file cabinets for the right versions.

What’s the most cost-effective way to secure documents? Instead of relying solely on the IT team to protect content, organizations should consider storing documents and information in the cloud. Benefits include:

  • Robust security and compliance policies in place — cloud companies have dedicated departments and spend tens of millions every year to stay ahead of hackers.
  • A central repository for all documents, indexed, categorized, and easy to find.
  • Streamlined accessibility to contracts and other important content.
  • Frequent software upgrades, which provide a good mechanism to ensure security and risk mitigation. Frequent software releases bring increased productivity to your organization via customer-focused features.

Allowing contracts and other records to fall victim to security breaches not only damages the value of an organization, but also hurts customer relationships and the ability of organizations to grow. Working with the right provider offers the organization peace of mind and lets it focus on its core competencies.

Dr. Antonis Papatsaras is chief technology officer for SpringCM. Papatsaras can be reached at apapatsaras@springcm.com.