By Mr. Filip Cotfas, Channel Manager, CoSoSys
Medical laboratories and imaging centers collect, process, and store data that is considered highly sensitive. However, with the increasing connectivity of information systems, laboratory endpoints, and instruments to the internet, they often struggle to keep up with the demands to protect and secure sensitive information continuously.
The broader healthcare industry, of which both medical laboratories and imaging centers are a part, has continuously averaged the highest total data breach costs of any industry. For example, clinical labs store large amounts of sensitive patient data whose theft or loss can impact treatment outcomes and patient privacy. Data breaches in research laboratories may lead to delays in developing new treatments.
Because of this, medical labs and imaging centers need to address data security to ensure compliance with data protection laws and avoid the massive costs associated with data breaches in the healthcare industry. Here are our tips for maintaining data security.
1. Control the use of removable devices
Even in controlled environments where computers have no access to the internet, they still have USB and peripheral ports. Employees still use removable devices such as USB drives or external hard drives to copy large amounts of information or big files. These devices are popular tools for malware attacks, and they can be easily lost or stolen due to their size and portability.
Medical labs and imaging centers can address this vulnerability by implementing Data Loss Prevention (DLP) solutions with device control features. DLP tools allow organizations to monitor and control the use of peripheral and USB ports and Bluetooth connections. In this way, medical labs and imaging centers can block the use of removable devices or track and limit their use to trusted devices.
DLP solutions make it easy for organizations to spot suspicious activity on their network, identifying which employees are using removable devices at what time. Some take things one step further by offering granular policies that allow medical labs and imaging centers to choose different levels of restrictions based on groups, departments, devices, or individuals.
2. Address internal threats
27% of data breaches in the healthcare industry are caused by human error, one of the highest percentages across all industries. Cybercriminals also target employees directly through phishing and social engineering attacks, and some employees themselves can become threats when they turn malicious and attempt to exfiltrate data.
To address internal threats, medical labs and imaging centers can turn to DLP solutions that allow them to identify, monitor, and control sensitive data.
With powerful content inspection and contextual scanning tools, DLP solutions can identify sensitive data in files and the body of emails before they are sent, blocking their transfer through insecure channels such as messaging apps, file-sharing websites, and cloud storage services. They can also prevent sensitive data from being printed and copy-pasted.
3. Restrict access to data
When stored locally on work computers, sensitive health data can also be exposed to theft and loss. This is another form of negligence: employees often access, save and download sensitive data as they perform their duties and then forget to delete it. This can become a significant risk to data security. There is a need for the law to emphasize limiting access to sensitive patient information.
Medical labs and imaging centers can use DLP solutions to search for sensitive data stored locally across their entire networks. When such data is found in unauthorized locations, they can take remediation actions such as deletion or encryption. In this way, they ensure that only employees who need to work with sensitive data have access to it.
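A minimal sketch of the local discovery scan described above, added here as an illustration and not taken from any DLP product: it flags DICOM images and files containing a record number when they sit outside an approved directory. The `MRN-` identifier format, the directory names, and all sample file contents are assumptions constructed for the example.

```python
import os
import re
import tempfile

# Assumed format (not from the article): hypothetical "MRN-" + 8 digits.
PATTERNS = {"mrn": re.compile(rb"\bMRN-\d{8}\b")}

def classify(path, max_bytes=1_000_000):
    """Return the sensitive-data labels found in the first max_bytes of a file."""
    with open(path, "rb") as fh:
        head = fh.read(max_bytes)
    # DICOM Part 10 files start with a 128-byte preamble followed by b"DICM".
    labels = {"dicom"} if head[128:132] == b"DICM" else set()
    labels.update(name for name, rx in PATTERNS.items() if rx.search(head))
    return sorted(labels)

def scan(root, authorized):
    """Walk root and list sensitive files stored outside the authorized dirs."""
    root = os.path.realpath(root)
    allowed = [os.path.realpath(a) for a in authorized]
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if any(os.path.commonpath([full, a]) == a for a in allowed):
                continue  # approved storage location, not a finding
            try:
                labels = classify(full)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if labels:
                findings.append((os.path.relpath(full, root), labels))
    return sorted(findings)

def demo():
    """Scan a constructed directory tree (all file contents are made up)."""
    dicom = b"\x00" * 128 + b"DICM" + b"constructed image payload"
    files = {
        ("pacs_store", "scan1.dcm"): dicom,           # approved location
        ("Downloads", "scan1_copy.dcm"): dicom,       # forgotten local copy
        ("Downloads", "results.csv"): b"name,id\nJane Doe,MRN-00012345\n",
        ("Downloads", "notes.txt"): b"instrument calibration log\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for (sub, name), data in files.items():
            os.makedirs(os.path.join(root, sub), exist_ok=True)
            with open(os.path.join(root, sub, name), "wb") as fh:
                fh.write(data)
        return scan(root, [os.path.join(root, "pacs_store")])
```

The findings list is what a remediation step (deletion or encryption) would act on; the copy in the approved directory is deliberately not reported.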