Overcoming cybersecurity risks in healthcare organizations
Share
Like many other industries in 2021, the healthcare sector continues to face data breaches and cybersecurity risks. A recent study from the Office of the Australian Information Commissioner (OAIC) has found the healthcare industry as the highest reporting sector for data breaches in the country.
35% of the breaches were a result of human error. Today’s patient lifecycle includes more touchpoints than ever before. But while electronic health records give healthcare workers more access to patient information, the risk of human error continues.
There’s a particular chance for human error or misconduct in today’s network of multi-function devices (MFDs), a mainstay of healthcare settings. Each time a document or form is captured—copied, printed, scanned, faxed or emailed—patient information is vulnerable to human error, theft, or delivery of data through noncompliant mobile devices.
According to the OAIC, 40 per cent of human error breaches are a result of sending personal information or data to the incorrect recipient while 8 per cent are due to individuals failing to use the ‘blind carbon copy’ function when sending group emails.
While data breaches because of human error may be difficult to eliminate entirely, there are a few ways healthcare organisations can reduce the risk and increase security.
1. Establish user rules and workflows
Healthcare organisations need to begin by managing content and user access across the entire network of MFDs. Managers need to establish workflow rules on who can use each device, what information should be protected, and what information can be transferred. As access to patient information varies from department to department, limits also need to be set on who uses a specific device in each unit. Each MFD should be capable of verifying user credentials and permitting access based on those rules. For instance, organisations may want to limit finance staff to printers in the administrative area, while denying them access to devices in patient areas.
2. Audit all network activity
Auditing allows MFDs to transfer tracking information to a database. If a data breach occurs, this capability helps IT administrators easily track down the source, the authenticated user, the file name and type, and where the data was sent. Having an audit process in place will help IT staff detect security weaknesses throughout the network and fix any issues.
3. Encrypt all data transferred between devices
It’s also important to encrypt all communications between smart MFDs and mobile terminals, servers, and destinations. This ensures documents will only be visible to authorised users. Data is encrypted while it’s in transit between MFDs, servers, and third-party applications. This includes electronic health records, line of business applications, and enterprise resource planning software.
4. Ensure data stays in the right hands
Healthcare workers are constantly moving in and out of departments and facilities. This increases risk of patient information falling into the wrong hands. With a follow-you print workflow, staff can send documents to the nearest printer, eliminating the risk of sensitive information being unattended for long periods. Micro-card readers and mobile authentication secure documents and ensure print jobs are released only to authorised personnel.
5. Automatically monitor and track PHI activity
When healthcare organisations simultaneously monitor and audit their MFDs, they can control patient information before it ever gets to its intended destination. By monitoring and tracking protected health information, devices can proactively warn about potential cybersecurity risks. It will also help with automatic content filtering and redaction, further maintaining the privacy of patient healthcare information.
6. Secure routing workflows
The capturing of documents into a network folder is the most common and unreliable form of workflow. To eliminate risk, organisations need to integrate network scanning with a print secure framework. Network devices should be industry compliant and integrate with electronic health records and clinical applications. Optical character recognition (OCR) of all captured documents will allow organisations to search and share data securely. In addition, you can use APIs to integrate network fax servers with business applications—enabling the secure transfer of patient data.
Ensuring the security of patient information is a primary goal for every healthcare organisation. By using these tips, healthcare professionals can boost security, minimise data breaches and cybersecurity risks, and improve the patient experience.
Note: Content has been edited for style and length.
Andrew Mellor is a Regional Vice President ANZ at Kofax. A passionate and energetic leader with 27+ years of assisting Customers in EMEA & APAC drive growth through Enterprise applications and Cloud solutions.
Specialties: Start up, ERP, HCM, Sales, Marketing, Customer Service, SaaS, CX, Customer Engagement, AI, RPA and intelligent automation.