The healthcare data security threat landscape, once characterized by insider carelessness and petty theft, has turned much darker. Healthcare IT professionals have found it difficult to keep up with the broadening attack vectors.
It's no surprise, given the depth and breadth of the typical health IT infrastructure, as well as the data it contains. Furthermore, existing compliance obligations under HIPAA/HITECH must still be met.
In thinking about securing sensitive data in the healthcare world, then, there are 4 core tenets to keep in mind:
1. Patient data must be protected.
Patient data is confidential and sensitive—from both the patient and provider perspectives—and therefore it must be protected. While this may seem obvious, it's truly the most important and relevant tenet for the healthcare industry at large.
2. Patient care is the highest priority.
Technology cannot impact or impede appropriate care of a patient. Patient data must be available. For example, putting security measures like encryption in place cannot impede access to patient data by authorized caregivers.
3. Data intelligence and analytics are key to a successful IT implementation.
Without security data intelligence and analytics in place, you can only keep your fingers crossed that the protective "security walls" you've built are thick enough to keep the bad guys out.
4. A pure "protect" strategy is ineffective.
Organizations must have the ability to rapidly detect and respond to threats. Modern cyberattack vectors such as malware, spear phishing, rogue insiders and exploitation of web application vulnerabilities have forced a more balanced approach to security.
Across the market in general, the development and adoption of new technologies continue to accelerate. The goal is to generate more and more data, leading to faster and better decisions and actions. Nowhere is this more true than in healthcare, where accumulating patient data can lead to faster and better diagnoses, and higher quality decisions and treatment.
Now more than ever, it's critical to maintain a diligent watch on healthcare data by turning log and machine data into actionable security data intelligence and analytics.