Yes, It’s Time to Encrypt PHI Data!

Although employee negligence and lost/stolen devices continue to be major causes of data breaches, criminal attacks are now the leading cause of breaches in healthcare.

What are these cyber criminals doing to get access to the data, and what is causing the breaches in our healthcare organizations? Ponemon’s report says that 88 percent of these breaches came from phishing to get a foothold into a network. The attackers try to compromise employees who have elevated privileges that will give them access to sensitive systems and critical data.

Stronger technical controls like encryption and bio-access security devices will prevent damages from most of these attacks. These criminal are not looking for gall bladder surgery data; they are looking for financial information they can use to rob unsuspecting patients.

Two things need to take place immediately; we need to begin to encrypt all stored PHI and we need to improve the security measures that protect access to that data.

Even though data processing speed sometimes suffers as a result of encryption, the justifications for not encrypting data are quickly going away. Safe and secure are better than fast.

Secondly, we must take the human element out of PHI data access. Bio-access security systems must be employed that will thwart unsuspecting healthcare workers from falling prey to sophisticated “phishing expeditions” by professional hackers.