Stepping Up Security of Sensitive Data: 3 Questions Health IT Leaders Should Consider
By Damian David - Senior Director of Sales & Business Development
Mar 18, 2022
In October 2021, a ransomware attack compromised the insurance, diagnosis, treatment and other protected health information (PHI) of some 400,000 patients of a women’s health clinic in Los Angeles. The same month, hackers broke into the computer systems of a Florida-based healthcare network, compromising the PHI of some 1.3 million members.
These are not isolated examples. Healthcare consistently ranks as the top industry targeted by phishing, hacking and ransomware attacks. According to a recent Healthcare Triangle survey of healthcare IT executives, almost three-quarters of respondents said their organization had been victimized by such attacks.
Still, just one in five healthcare IT leaders would describe their protective measures around PHI as “exceptionally secure,” and another 23% say they are looking for new solutions. Is yours one of them? Here are three questions to ask as you consider how to improve your security measures around PHI.
1. Should we move our data to the cloud?
As healthcare and other organizations seek to achieve digital transformation, spending on public cloud services is expected to reach nearly $400 billion by the end of 2022. It’s easy to understand why. Transitioning to the cloud can significantly improve business continuity and cost efficiency by reducing reliance on on-premises backup facilities and data warehouses.
However, if your organization’s goal is to achieve true digital transformation, you also cannot afford to overlook the value of cloud-based data security and management, especially with respect to PHI. Indeed, properly encrypted, HIPAA-compliant cloud technologies can bolster your organization’s PHI cybersecurity defenses by providing 24/7, automated access to security patches and upgrades as well as offering valuable data redundancy for disaster recovery efforts.
2. Do we have the expertise to handle the unique requirements of the cloud?
The latest cloud technology is nothing without the expert IT personnel required to leverage it. Unlike hardware-based, on-premises IT infrastructure, the cloud relies on an entirely virtual, software- and code-based infrastructure, which requires unique skill sets. Creating a cloud center of excellence staffed by personnel with these skill sets, including expertise in information security, is vital for next-level protection of PHI. It also sets the foundation for comprehensive digital transformation.
3. Could we benefit from outside assistance?
Many healthcare systems, particularly smaller ones, struggle to leverage the cloud for maximum benefit. Indeed, almost two-thirds of healthcare executives surveyed by Healthcare Triangle say a lack of IT skills and talent hinders their digital transformation initiatives, according to an EY survey. Among many other challenges specific to protecting patient health data, healthcare IT executives surveyed by Healthcare Triangle report:
- A lack of financial and human resources
- The ongoing need for staff training on evolving and increasingly sophisticated hacking methods
- Long-term lack of investment in infrastructure
- Gaps in clear data ownership and complex/disparate security requirements that make managing protection of PHI difficult
Partnering with an organization like Healthcare Triangle and taking a managed cloud services approach can go a long way toward overcoming such hurdles. With its deep experience in helping organizations leverage the public cloud, Healthcare Triangle can help you optimize your healthcare system’s cloud operations, reduce costs, and most important, ensure that your PHI remains virtually impervious to data breaches, ransomware attacks and system crashes.
A Matter of Risk Management
Adopting an attitude of “It can’t happen to us” is dangerous. At its most basic level, securing PHI is a matter of risk management, and the risks of failure are real. In addition to the potential loss of patient confidence in your organization, the fines for noncompliance with federal HIPAA and HITECH data security regulations can run into the tens, even hundreds of thousands of dollars or more.
Leveraging the support of a managed cloud services team like Healthcare Triangle can empower your organization to fully leverage your investment for optimal value and safety.
For more information, read the Healthcare Triangle survey results.