Guest Column | July 14, 2017

5 Ways To Protect Sensitive Healthcare Data

Establishing A Security Policy

By John Harris, chief technology officer, SIGNiX

The number of ransomware emails jumped 6,000 percent between 2015 and 2016, per an IBM Security study. To put that into perspective, SonicWall reports there were 3.8 million ransomware attacks in 2015 and over 638 million in 2016. Despite the staggering increase, ransomware attacks are expected to continue rising in 2017, with some analysts expecting them to double.

Of all the industries targeted, healthcare is particularly susceptible to such attacks because it relies on having access to critical information at all times. But ransomware isn’t the only cyber-attack hitting the healthcare industry — there’s also malware, phishing, Distributed Denial of Service (DDoS), and more. In fact, 89 percent of healthcare organizations have experienced some type of data breach that resulted in stolen or lost patient records, according to Healthcare Dive.

So how can healthcare organizations protect private patient information from cyber criminals? Following are five ways.

  1. Encrypt All Patient Data
    Healthcare organizations have steadily introduced more mobile devices to their practices, such as smart phones and tablets, which give them quick access to online resources and allow them to access patient data remotely. With this increase in mobile device usage, the need for encrypting data is more important than ever before. If a healthcare professional’s phone or laptop is misplaced or left unattended, someone could easily access unencrypted data, putting patients’ privacy at risk. Encrypting patient files helps ensure unauthorized users will not be able to view the data, even if they manage to steal the device.
  1. Train Your Employees
    Educating your employees on cybersecurity best practices is foundational to the health of your organization’s data security. Employees are like gatekeepers, determining what data comes in and what goes out. Help them understand the vital role they play in protecting patients and educate them on the risks — and consequences — of cyber-attacks.

Equipping your people with the knowledge and skills to defend against an attack should be a key part of your cyber protection strategy. Train employees to identify red flags in their email communication, as it is one of the most common methods used to spread cyber-attacks. Phishing emails can be difficult to detect, but misspelled words, links or domain names will often reveal a fraudulent message.

As you educate your team, implement certain guidelines to govern how they handle data, like not sharing passwords and requiring multi-factor authentication to access files, to further protect patients’ privacy.

  1. Use Updated Technology And Software
    As cyber-attacks have evolved over the years, so should your software and technology. Keep your software and modern equipment updated, so you are better suited to defend against cyber-attacks, and implement certain tools, like firewalls, antivirus protection, and digital signatures to help improve your organization’s cybersecurity.

With digital signatures, patients can complete, sign, and submit paperwork online before their arrival. Not only does this save time for both the patient and the provider, it’s also more secure. Instead of putting that sensitive information on paper, which is handled and seen by numerous people, it can be securely uploaded to a cloud-based system that can only be viewed by authorized users. Few e-signature technologies allow you to comply with HIPAA regulations, so it’s important to look for a platform that includes identity verification, tamper-evident technology and a comprehensive audit trail that records each step of the signing process.

  1. Vet Your Software Vendors 

Healthcare organizations rely on different software vendors to handle various processes like billing, document management, and more, so making sure their security standards meet yours is a key factor in your organization’s cybersecurity program. Before selecting a new software vendor, be sure to do your homework. Identify the key privacy and security features your organization needs, and don’t settle for a vendor that can’t live up to your standards.

  1. Limit Your Data Footprint

It’s not uncommon for an organization to keep more than one copy of data or documents containing confidential information, and sometimes unnecessary copies are maintained outside of the enterprise’s control. For example, e-signature vendors frequently store e-signed documents so the document and signature’s legal validity can be verified. With a true digital signature, however, the necessary legal evidence is permanently embedded in the document maintained by the healthcare entity or its storage provider, and the digital signature vendor can delete its copy with no loss of legal proof. By limiting your data footprint, you can decrease the risk of your data being wrongly accessed.

The risks of a cyber-attack are too great to ignore, especially when patients’ privacy is on the line. By implementing these steps, healthcare organizations can better defend themselves against costly, interruptive data breaches and focus on what they do best — serving patients.

About The Author 

John Harris is the chief technology officer at SIGNiX, the first independently verifiable digital signature company in the U.S. that makes signing documents online safe, secure, and legal for any business. Learn more about what makes SIGNiX different at or on Twitter at @signixsolutions.