Like any other industry, healthcare has a great deal of misinformation floating around security best practices. This is especially the case when it comes to securing a healthcare organization’s EHR data. Review the different misnomers that have been debunked of late and what healthcare IT security pros think of perception v. reality when it comes to current security trends.
1. Encrypt, encrypt, encrypt!
Simply put, many (this publication included) are quick to direct organizations to encrypt their data without knowing the many different places the data resides or whether all of the data stays at rest or parts of it are in motion. While, yes, healthcare organizations must encrypt their patients’ data, they also need to know what they’re encrypting and where in their infrastructure.Encrypting data at rest is obviously different than encrypting data in motion. For example, Will Sanders, Senior Technology Specialist and Storage Architect at Geisinger, focuses on encrypting data at rest and isn’t concerned with securing data in motion or within a data center (see more down below).
2. BYOD leads to more problems than it helps
Many healthcare IT pros will explain that mobile security and whether or not to allow BYOD is one of the, if not the preeminent, source of concern for them. But some of the CIOs and CISOs thatHealthITSecurity.com has spoken to of late appear to have aligned their organization’s BYOD policies with the best-available technology to at least make the best of a situation that’s not ideal security-wise.
3. Lock the perimeter!
If there’s one message that’s come across from the people who really know the healthcare IT industry and current security trends well, it’s that the “four walls” of a network have been broken down. Now securing a network involves these security administrators comprehensively looking at individual users from both the inside and outside, as well as their devices, trying to gain access to the healthcare organization’s network. Further, organizations are starting to tie in their network and mobile security strategies in tandem with being concerned about walls and focusing on the users and the data.
4. All data is either virtual or in paper form
Though the perception is that most healthcare organizations have moved on from using hard disk storage, many healthcare organizations still need to encrypt data at rest. Case in point, Geisinger Health, where at bare minimum the organization must lock down the data at the disk level. While this doesn’t prevent file-level intrusion, physically securing these disks is a significant part of Geisinger’s security because it has a large volume of data in that form.
