
7 Ways to Protect Your Patient Data from Cyber Security Breaches

Martin Rothe

Security Operations Centre Analyst

Cyber criminals have increased their activity as they look to capitalise on the coronavirus (Covid-19) pandemic. Our latest blog looks at seven ways healthcare organisations can improve their cyber security.

Protecting patient data is a big challenge for UK healthcare organisations. The health sector generated nearly 20% of all personal data breach complaints, according to ICO’s latest annual report.

Of course, not every data breach is the result of a cyber attack, but attacks do form part of the equation. With the sheer volume of confidential patient data being stored and shared, the number of public-facing facilities and the long chain of medical partners and suppliers, the healthcare sector is an attractive target for cyber criminals.

This risk is now amplified due to Covid-19, with hackers targeting healthcare organisations in the hope of gathering related information, such as Covid-19 data and vaccine research.

Since the 2017 WannaCry attack, which cost the NHS an estimated £92m, substantial investment has been made in upgrading systems and cyber security resources.

However, limited budgets continue to hamper the sector's ability to adapt to technological challenges and prioritise cyber security. Cyber criminals are taking advantage of this, so it is important that healthcare organisations make cyber security and the protection of their data a main priority.

Here are seven ways you can enhance your cyber resilience, maintain compliance and keep your patients’ confidential information secure.

 

7 Ways to Protect Your Patient Data from Cyber Security Breaches

1. Train and educate staff
2. Perform security assessments
3. Keep software updated
4. Create regular backups
5. Keep collaboration and productivity tools secure
6. Have a response and recovery plan
7. Seek advice from security experts

 

1. Train and educate staff

Recent cases such as the 2020 Twitter hack have shown that even the most tech-savvy companies suffer data breaches through social engineering attacks on internal staff. Besides clicking on phishing links, common staff-related issues include failing to safeguard passwords and misusing legitimate access to data.

Given how large a share of healthcare breaches stem from human error, keeping staff trained and informed on cyber security should be one of your top priorities.

Simulated phishing campaigns are a good way to assess your employees' understanding and awareness of phishing. By sending out fake phishing emails, you can gauge how susceptible they are to real ones and, just as importantly, whether anyone reports them. Once gaps in knowledge are identified, you can work with your teams to provide further guidance to those who need it.

 


Free Download: A Guide to Phishing

Our recent research on mid-market IT priorities shows time and time again that data privacy is the top priority for most businesses. One of the very real and complex threats impacting these businesses is called phishing.

Download the guide


2. Perform security assessments

As a healthcare provider, you are aware of the high data security risk your industry faces. But what about your specific organisation? Assessing your own security posture makes it much easier to protect yourself against cyber attacks.

Regular penetration testing, for example, helps here. By ethically attacking your systems and applications, a penetration test exposes the vulnerabilities in your network that an attacker could exploit and shows how far they could get. Scope the test to include the systems that actually hold or process patient data, and re-test once fixes are in place.

Once you are aware of the security issues you are exposed to, you can then work to rectify them and reduce the risk of cyber criminals entering your systems.

 

3. Keep software updated

Installing system updates as soon as they are released is critical, because they typically include patches for security vulnerabilities that attackers are already exploiting. WannaCry is the cautionary example: the vulnerability it spread through had been patched by Microsoft two months before the outbreak. Outdated software leaves your devices far more exposed, so have a plan for monitoring and updating servers, workstations and network devices regularly.

For your employees that are working remotely, it’s also important to regularly check they are conducting software updates on their company-issued devices.

Besides system updates, check that security software such as your anti-malware solution is up to date, to protect against the latest cyber threats. If you want peace of mind that this is not going to drop down the priority list, you could opt for an endpoint management service.

 

4. Create regular backups

Data loss can be devastating for any organisation, not least healthcare providers given the vast amount of confidential patient data they hold. Backing up your data daily or weekly protects you from complete data loss caused by malware, system crashes and human error. Encrypt the backups themselves, keep at least one copy offline or otherwise out of reach of a compromised account, since ransomware routinely targets any backups it can reach, and test restores regularly: a backup you have never restored from is not one you can rely on.

While backups won't protect you from a data breach (stolen data is still stolen), they prevent complete data loss and give you confidence that you can restore quickly if the worst happens.

 

5. Keep collaboration and productivity tools secure

With staff working at different sites and remote working now more typical, tools like the Office 365 suite are ideal for keeping staff productive and connected. But they come with security risks.

For instance, did you know that each time you create a team in Microsoft Teams, a SharePoint site is created automatically to hold its files? Combine this with Teams' guest access feature, which gives invited third parties access to the team's channels, chats, shared files and meetings, and the risk of a data breach rises.

Introducing tools like these to your network means taking precautionary measures, such as:

  • Requiring multi-factor authentication.
  • Setting up secure guest access.
  • Auditing user activity and external sharing.
  • Classifying sensitive data and using Microsoft Azure Information Protection (AIP).
  • Preventing file download to unmanaged devices.
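As an added example, not taken from the original post, the following PowerShell shows how several of the measures above map to SharePoint Online tenant settings, how to check the current state before and after the change, and how to pull the external-sharing events from the unified audit log. It assumes the SharePoint Online Management Shell and Exchange Online PowerShell modules are installed and that the account used has tenant admin rights; the tenant name `contoso` and the partner domain `partner.example` are placeholders. Enforcing MFA itself is done with an Azure AD Conditional Access policy, and the Teams-side guest toggle lives in the Teams admin centre; neither is shown here.

```powershell
# Added example, not part of the original post. Assumes the SharePoint Online
# Management Shell and Exchange Online PowerShell modules are installed and the
# caller is a tenant admin. "contoso" and "partner.example" are placeholders.

Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# 1. Record the current sharing posture before changing anything. A fresh tenant
#    often allows anonymous "anyone" links and full access from any device.
$before = Get-SPOTenant | Select-Object SharingCapability, DefaultSharingLinkType,
    SharingDomainRestrictionMode, ConditionalAccessPolicy
$before | Format-List

# 2. Secure guest access: no anonymous links (guests must sign in), new sharing
#    links default to people inside the organisation, and external sharing is
#    limited to the partner domains you hold a data-sharing agreement with.
Set-SPOTenant -SharingCapability ExternalUserSharingOnly `
              -DefaultSharingLinkType Internal `
              -SharingDomainRestrictionMode AllowList `
              -SharingAllowedDomainList "partner.example"

# 3. Prevent file download to unmanaged devices: browser-only, limited access
#    unless the device is compliant in Intune or hybrid Azure AD joined.
Set-SPOTenant -ConditionalAccessPolicy AllowLimitedAccess

# 4. Confirm the change took effect (compare with $before).
Get-SPOTenant | Select-Object SharingCapability, DefaultSharingLinkType,
    SharingDomainRestrictionMode, ConditionalAccessPolicy | Format-List

# 5. Audit external sharing over the last seven days. Sharing events are written
#    to the unified audit log, queried through the Exchange Online module.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
    -Operations SharingInvitationCreated, AnonymousLinkCreated, SharingSet `
    -ResultSize 500 |
    Select-Object CreationDate, UserIds, Operations |
    Sort-Object CreationDate -Descending
```

Tenant-wide settings are a ceiling, not a floor: individual sites can be more restrictive but not more permissive, so set the tenant level first and then tighten the sites that hold patient records. Review the audit output regularly rather than once, as any `AnonymousLinkCreated` event after step 2 indicates a site or policy that has drifted from the intended configuration.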

 

6. Have a response and recovery plan

Unfortunately, even the best-laid plans cannot guarantee complete protection as cyber attacks continue to grow in sophistication. So, it’s always a good idea to prepare for the worst.

How you respond to a data breach can make a big difference in how your organisation is affected. Having a robust response and recovery plan in place means you will be as prepared as you can be should a breach occur.

The plan should clearly set out each individual's responsibilities and the steps they must take if you are breached: who has authority to isolate affected systems, who assesses whether personal data is involved and reports to the ICO within the 72-hour window that UK GDPR requires, and who communicates with patients and partners. Ongoing training and rehearsal of the plan will ensure that everyone is prepared in the event of a breach and can react accordingly.

Review your cyber security procedures regularly, and keep up to date with attackers' latest tactics, techniques and procedures so that the plan reflects the threats you actually face.

 

7. Seek advice from security experts

Where you don’t have the expertise in-house or you want to take the pressure off your internal IT teams, consult with an IT services provider with experience providing security services to the healthcare sector. An expert provider can help you with all of the above – from implementing a backup strategy to providing a technical audit of your collaboration solution.
