Maximize Value Through Process Transformation
5. Are You Doing Enough to Protect Your Data?
A data breach can be extremely costly, especially if you're handling PHI or PII in healthcare. Threats come in many forms, and not just from the outside. Are you prepared for them?
Series 2, Episode 5. Published on January 11, 2019
“It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.” ― Stephane Nappo (1)

What is the cost of a breach?

How much is my reputation worth?

Can I protect my business without putting extreme strain on my processes and employees?

Welcome back to TeloChain’s Real-World Healthcare Insights! This is the fifth in a series on how secure technology-enabled process transformation and strategy redesign can help you harvest the full value of healthcare services.


We’ve looked at how utilizing intelligence and transforming your process close the healthcare value gap. The final pillar, which doesn’t so much close the value gap as it does protect the value you generate, is security. Perfecting process and intelligence will have been for nothing if your organization suffers from a breach. Immediate consequences to the health and well-being of the people you serve can be severe, and long-term consequences to your revenue and reputation could be insurmountable. However detrimental a data breach in any other sector can be, the repercussions are grave in healthcare.

Cut to the punchline: Cyber security makes splashy news, but antiquated paper processes, data mishandling, and inadequate employee training and monitoring can be even bigger threats to your business. You need a partner to help you go digital that you can also trust to protect you once you’re there.

Security breaches: To err is (mostly) human and painfully costly

Earlier this year, BestBuy, Sears, Kmart and Delta lost hundreds of thousands of credit card records when malware infected their [24]7.ai chatbot software, opening access to records within the companies’ online systems. Only 6 months later were the companies notified about the breach, a failure of technology made worse by human actions. (2)

And who can forget the 2015 hack of millions of Anthem customers and employees, in which their data wasn’t encrypted? (3) Experts said that encryption would have made it harder for hackers to access the data, but would also have made it harder for the company to access, analyze and legitimately share it. With today’s advances in computing power, can we have both data security and usability?

Yet even with the perfect technology-based security, breaches can come from within, (4) highlighting the need for a multilayer “360” strategy, particularly when business partners need access. When you work with a vendor, you’re exchanging a degree of direct oversight for greater speed by farming out certain tasks, but you’re putting your reputation on the line. Third-party breaches now represent the largest category by cost for data breaches across the country. And within healthcare, the cost of a breach is higher than in any other sector, at an average of $380 per breached record: (5)

Looking at the per capita cost of a breach by industry, healthcare is at the top

Cybersecurity is not all you need to be worried about

A recent Verizon review of 1,368 healthcare data breaches (6) found that only one-quarter were due to hacking and malware. So where are the breaches occurring? 58% of incidents involved insiders – healthcare is the only industry in which internal actors are the biggest threat to an organization.

The review highlights the high reliance on paper as the primary cause:

“Medical device hacking may be in the news, but it seems the real criminal activity is found by following the paper trail. Whether prescription information sent from clinics to pharmacies, billing statements issued by mail, discharge papers physically handed to patients, or filed copies of ID and insurance cards, printed documents are more prevalent in the healthcare sector than any other. The very nature of how PHI paperwork is handled and transferred by medical staff has led to preventable weaknesses—sensitive data being misdelivered (20 percent), thrown away without shredding (15 percent), and even lost (8 percent).”

We’ve said that reducing paperwork improves efficiency and remedies a host of other ills. And now we know that paper may be your greatest threat to security.

Categories and most common subcategories of threats in the Verizon study. Percentages in subcategories represent the share of determined breaches in that category (e.g. 442 Errors).

A holistic approach to security

Breadth is as important as depth when it comes to developing a comprehensive security apparatus. In addition to deploying an array of digital and even physical defense mechanisms, you must instill what we call a culture of compliance: a feeling of stewardship and responsibility for the organization and its sensitive property. The systems and the compliance policies must then support each other; adhering to the policies should be made easier by the devices and security programs in place. Navigating all of the challenges of a comprehensive security strategy is overwhelming, so finding great partners you can trust to grow with you is essential.

Image licensed under a Creative Commons Attribution 4.0 International License and adapted from Incapsula

At TeloChain, security is in the framework of everything we do. From our own internal systems to the solutions we offer, a culture of compliance is ingrained in our fabric. A combination of industry-standard and proven cutting-edge security parameters prevents leakage of sensitive data and system intrusion by outside actors. All of our solutions and security measures comply with the most rigorous standards and frameworks, including HITECH, SOC2, and of course, HIPAA.

With the proper selection and application of appropriate security technologies, Protected Health Information (PHI) and Personally Identifiable Information (PII) access is effortless for patients and providers while being nearly impossible to breach.

  1. The first step is making the sensitive data extremely difficult to access. Common practices include using a public IP address whitelist, multi-factor authentication, strong password requirements, a VPN connection, and separate computers for user applications and underlying data.
  2. The second is keeping all the sensitive data encrypted at rest and in flight. Even if someone makes their way to a PHI data repository, there’s nothing to see because it’s encrypted. When transmitting data to external parties, use a secure, encrypted connection.
  3. Finally, there’s education and training to ensure that everyone knows the importance of data security and the specific, practical steps they need to take to keep PHI secure.

Read more about our 360º approach to security in our white paper.

Propel your security apparatus into the future

Industry standard is good, but cutting edge is great. With security threats evolving all the time, being able to stay ahead of the curve is vital to maintaining infrastructure integrity. One of the most disruptive innovations in data technology is blockchain. While most of the blockchain buzz is around its role in cryptocurrencies, blockchain has huge implications in data integrity and security:

  • Decentralized: everything is distributed across a network of nodes, each with a complete copy of everything stored on the ledger, so if one goes down, there is no data loss
  • Immutable: due to the nature of the cross-checks on every document across the entire network, modifying or corrupting the integrity of data by outside forces would require hacking all nodes on the network at the same time, which is practically infeasible
  • Private: while public implementations of blockchain such as cryptocurrencies readily come to mind, blockchains can be private as well—allowing for tight controls on participants and types of transactions
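The tamper evidence behind the "Decentralized" and "Immutable" points can be shown with a hash-chained ledger copied to three nodes. This is an added illustration, not TeloChain's code; the node names, record names and helper functions are constructed for the example, and a simple majority comparison stands in for a real consensus protocol.

```python
import hashlib
import json
from collections import Counter
from copy import deepcopy

GENESIS = "0" * 64

def block_hash(index, prev, payload):
    body = json.dumps({"index": index, "prev": prev, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(chain, payload):
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev": prev, "payload": payload,
                  "hash": block_hash(index, prev, payload)})

def first_bad_block(chain):
    """Index of the first block whose hash or back-link fails, else None."""
    prev = GENESIS
    for i, b in enumerate(chain):
        expected = block_hash(i, prev, b["payload"])
        if b["index"] != i or b["prev"] != prev or b["hash"] != expected:
            return i
        prev = b["hash"]
    return None

def divergent_nodes(replicas):
    """Nodes whose chain head differs from the head held by the majority."""
    heads = {name: chain[-1]["hash"] for name, chain in replicas.items()}
    majority, _ = Counter(heads.values()).most_common(1)[0]
    return sorted(name for name, h in heads.items() if h != majority)

def rewrite_from(chain, index, payload):
    """Simulate an insider editing one block and recomputing all later hashes."""
    tail = [b["payload"] for b in chain[index + 1:]]
    del chain[index:]
    for p in [payload] + tail:
        append(chain, p)

def build_replicas():
    ledger = []
    for doc in ("referral-001", "lab-result-002", "claim-003"):  # constructed records
        append(ledger, {"doc": doc, "sha256": hashlib.sha256(doc.encode()).hexdigest()})
    return {name: deepcopy(ledger) for name in ("node-a", "node-b", "node-c")}

if __name__ == "__main__":
    replicas = build_replicas()
    replicas["node-b"][1]["payload"]["doc"] = "lab-result-ALTERED"
    print("in-place edit caught at block", first_bad_block(replicas["node-b"]))
    rewrite_from(replicas["node-c"], 1, {"doc": "lab-result-ALTERED", "sha256": "00"})
    print("rewritten chain verifies locally:", first_bad_block(replicas["node-c"]) is None)
    print("but disagrees with peers:", divergent_nodes(replicas))
```

An in-place edit breaks the node's own chain, while a full local rewrite passes self-verification and is exposed only by comparison with the other copies, which is why the replication matters as much as the hashing.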

TeloChain maintains a private blockchain network and an entire proprietary interface built around it. Our blockchain requires identity authentication to access any information stored on the chain, ensuring only necessary access and preventing errors and misdirected documents. All of our process automation solutions utilize our blockchain, so you automatically enjoy the benefits of blockchain technology when you work with us.


What is your organization doing to keep your data safe? Are you protected from a breach? Join the conversation below or contact us if you want to know more.

NOTES

  1. Perhaps in the far future, we’ll have the Omega-13--a device in the movie, Galaxy Quest (https://en.wikipedia.org/wiki/Galaxy_Quest), that reverses time 13 seconds (much shorter than Nappo’s ‘few minutes’). In the spirit of keeping your reputation--and avoiding wear and tear on the space-time continuum--we advocate a multi-layered preventive approach.
  2. Top 11 third-party breaches of 2018 (so far). CyberGRX June 7, 2018 https://www.cybergrx.com/resources/blog/top-11-third-party-breaches-of-2018-so-far-data-breach-report/. (Accessed November 21, 2018)
  3. Anthem failed to encrypt customer data prior to cyberattack. The Verge. February 6, 2015. https://www.theverge.com/2015/2/6/7991283/anthem-hack-encrypted-data. (Accessed November 21, 2018)
  4. Insider threat examples: 7 insiders who breached security. CSO Online. March 19, 2018. https://www.csoonline.com/article/3263799/security/insider-threat-examples-7-insiders-who-breached-security.html.
  5. Healthcare data breach costs highest for 7th straight year. Health IT Security. June 20, 2017. https://healthitsecurity.com/news/healthcare-data-breach-costs-highest-for-7th-straight-year, Citing Ponemon study, https://www.ponemon.org/news-2/23.
  6. Protected health information data breach report. Verizon. 2018. https://enterprise.verizon.com/resources/reports/protected_health_information_data_breach_report.pdf.
  7. 4 reasons blockchain could improve data security. CSO Online. June 5, 2018. https://www.csoonline.com/article/3279006/blockchain/4-reasons-blockchain-could-improve-data-security.html.