INTELLIGENT VERTICAL: HEALTHCARE
advancements in the way patients are
treated. Personal and medical details are also
used by staff who handle post-care activities,
from post-op follow-up to billing. This reduces
the admin involved and makes it a far more
efficient experience for patients.
However, housing this kind of personal
information poses a severe risk. Without
the right security in place, this data is left
exposed to external threats, as malicious
actors use targeted threats to infiltrate
networks. But when you’re dealing with
something as important as people’s lives, it’s
not enough to only have security in place;
the continuity of services is vital. Take the
WannaCry ransomware outbreak earlier this
year for example, where entire hospitals in
the UK were shut down.
Healthcare institutions therefore need to
have a cyber resilience strategy in place. This
will help them defend against threats such
as ransomware, allow continuous access to
critical applications and information during
an attack and provide the ability to recover
data to the last known workable state, after
a threat is neutralised.
Brandon Bekker, Managing Director at
Mimecast, Africa and the Middle East

But it even goes beyond external threats.
Equally important is making sure the
organisation is insulated from mistakes by
both well-meaning employees and malicious
insiders. Busy staff members are bound
to make mistakes regarding PHI. With the
ubiquity of email, it’s not uncommon to
find a breach where employees accidentally
(or carelessly) attached a spreadsheet
or document containing PHI. A mistake
like this could result in personal harm or
defamation and will have severe implications
for healthcare professionals in countries that
have data protection laws in place.
To prevent brand damage, fines, and audits,
healthcare organisations must actively seek
to identify and prevent PHI from leaving the
organisation without the proper safeguards
in place. However, this can be a monumental
task without the right technology.
For email, Mimecast recently introduced
data loss prevention (DLP) capabilities that
can help address this challenge. Healthcare
organisations can scan, identify and take
action on emails containing PHI. These
actions include holding the message for
review, encrypting the content, applying
secure messaging between parties,
converting the files and more. As part of
the service, Mimecast can notify the sender,
recipient, and administrator of a message
flagged as containing PHI.
Ensuring that PHI does not leave the
organisation without the proper encryption
and safeguards is just as essential as securing
against external attackers. Healthcare is
the only industry where employees are the
predominant threat of a breach.
The healthcare sector is at major risk. The
time is now for them to rethink cyber security
and implement strategies that make them
resilient and prepared for both internal and
external threats.
INTELLIGENTCIO
www.intelligentcio.com