Data Protection for Healthcare Provider: The Aftermath
Data privacy and data protection – What you need to know
The discussion of data privacy and data protection is not new to anyone. Especially after numerous high-profile cases of data breaches in the past months. From the social media platform such as Facebook's Cambridge Analytica saga to the latest cyber heist targeting Singapore's largest healthcare group, SingHealth.
In late July 2018, SingHealth announced 1.5 million patients' personal information and 160,000 medical records were stolen due to a coordinated cyberattack. This incident has thrown into question on the level of security measures a healthcare operator undertakes to protect their patient's personal data.
Medical Records – Worth 10X More Than Credit Card Information
Medical records and personal information such as national identity number, date of birth, gender etc. may be misused to make false insurance claims, make unauthorized medical equipment purchases or drugs for the purpose of resale.
To make matter worse, theft of medical records can remain undetected for a period of time. In contrast, a credit card fraud tends to be detected quickly and banks will almost immediately cease the card.
Post Attack – What Can A Healthcare Provider Do?
Preventing the attack is as important as how a healthcare provider reacts to it.
Data breach can occur anytime. All it takes is a loophole in your network or an employee to go rouge and leak company's confidential data, such as a former employee of Telsa stealing confidential photos and video footages.
As the old saying goes, prevention is better than cure. Are the healthcare providers putting enough in place to prevent such cyber attacks?
Let us share our 3 step-process to heighten your organisation's cybersecurity and protect your patient's confidential data.
Related Articles: Business Trends 2018: 3 Business Trends to Look Out For
Preventing the next cyber attack
Medical professionals' priority is to perform life-saving work in the shortest possible time, this time sensitivities call for healthcare providers to focus on optimizing medical care processes. As a result, the security of the hospital system comes in as secondary.
Due to the lack of proper security measures, hackers start to exploit this area of vulnerability.
So how can hospitals prevent such attacks?
Our 3-step process.
- Classification and labelling
Data collected or stored by healthcare providers need to be classified based on sensitivity and then labelled. Administrators will create policies for data classification, labelling and protection.
When a Peggy, a pharmacist, create/edit a medical record containing patient's personal data and medical history, the document will be automatically classified as "confidential" and encrypted with permissions according to the policies.
- Encryption and rights management
Encrypt your sensitive data and define usage rights when needed. This will prevent unauthorized access and distribution.
After saving the medical records, Peggy wanted to clarify with the doctor on the dosage. She emailed the documents to the doctor and accidentally included 2 users within the organisation without the permission rights
The two unauthorized users are unable to open the file or forward the email, while Peggy and the doctor are able to open the file but cannot print, save, copy text or forward the file.
- Detailed tracking and reporting
Data protection is not complete without a complete monitoring system. Track what is happening with your shared data to gain more control over it.
With a tracking and monitoring system, Peggy and the IT department have the birds-eye view of the data flow and access. They are able to view successful and unsuccessful attempts to access the file. Based on this monitoring, Peggy and the IT team can quickly recall the documents from the unauthorized users.
Recommended Solution: Microsoft Azure Information Protection
Interested to find out more about how your healthcare organisation can benefit from our data protection solution? Contact our specialist today!
For more information, please contact us at