Over 385 healthcare data breaches have been reported since September of 2009 on the HHS.gov website. Reported by the Secretary of Health and Human Services, any breach of over 500 individual’s records is required by the HITECH Act to be posted on their website. Although this data alone is astonishing by taking a closer look we can easily see how a more secure method of data protection can be achieved.
The most common form of data breach is through lost or stolen devices containing unencrypted confidential data. With over half of healthcare breaches coming from this route alone it would seem like a no brainer to keep all data stored on a central server that can be accessed remotely. This would eliminate half of the problem by not allowing data to be stored on devices.
Encryption Can Be Cracked
Although encryption may seem like the easy answer it would only solve part of the problem. Encryption can be cracked… if given enough time with an encrypted file a not so savvy criminal could gain access to confidential information. Also when it comes to data, 3 years down the line when the level of encryption is far less than its current state the confidential information is still just as valuable. Although the information would be encrypted, the old security would allow modern programs to crack that security more easily.
Server Security and the Cloud
At one time server security would not have been an option however advancements in not only IT security but authentication allow servers including cloud computing to be one of the most secure forms of data protection. By not allowing the data to be transmitted or stored it would not be floating around on unsecure devices. Also only authorized individuals would have access to the server which would eliminate data from being seen by restricted users.
Cloud computing is becoming widely adopted by corporations because security and accountability can be handled by 3rd party companies with more experience. So arguably, it can be safer to store data out in the open on a cloud than your very own server since the cloud security would be stronger.
Out-of-Band Authentication Security
Everyone has a mobile phone which they carry with them constantly. There are very few times when an individual does not have their mobile phone with them. This makes it a very effective and efficient form of authentication security. By sending an OTP through SMS text message, a user can be identified through an out-of-band authentication method. Furthermore by keeping the process out-of-band the process prevents malware from stealing information for authentication. It is an added layer of protection which creates a secure form of identifying users.
Over 19 million individuals have been affected by healthcare data breaches according to the HHS.gov archive. Through out-of-band authentication security almost 10 million patients and physicians personal information would be safe since over half the problem comes from unsecure devices. Encryption may seem like a secure answer but in the end keeping the data off of devices is where true security lies.