But it even goes beyond external threats. Equally important is making sure the organization is insulated from mistakes by both well-meaning employees and malicious insiders. Busy staff members are bound to make mistakes regarding PHI. With the ubiquity of email, it’s not uncommon to find a breach where employees accidentally (or carelessly) attached a spreadsheet or document containing PHI. A mistake like this could result in personal harm or defamation and will have severe implications for healthcare professionals in countries that have data protection laws in place.
To prevent brand damage, fines, and audits, healthcare organizations must actively seek to identify and prevent PHI from leaving the organization without the proper safeguards in place. However, this can be a monumental task without the right technology. Capabilities exist that help healthcare organizations address this challenge by scanning, identifying and taking action on emails containing PHI. These actions include holding the message for review, encrypting the content, applying secure messaging between parties, converting the files and more.
Ensuring that PHI does not leave the organization without the proper encryption and safeguards is just as essential as securing against external attackers. Healthcare is the only industry where employees are the predominant threat of a breach.
The healthcare sector is at major risk. The time is now for healthcare organizations to rethink cyber security and implement strategies that make them resilient and prepared for both internal and external threats.
Brandon Bekker is Managing Director at Mimecast, Africa and the Middle East