As a parent, I’m always watching out to keep my kids safe – whether it’s keeping an eye on traffic or watching what they eat. Having been in the cybersecurity industry for some time now, I’ve become even more concerned about how their personal data is used by those who have access to it. As an example, there was one case where my daughter's pediatrician sent me her test results via his personal Gmail account rather than a corporate one or by a more secure method.
Situations like this are less rare than you might think. The healthcare industry is dealing with inside and outside threats to protected health information (PHI) while trying to utilize data to innovate and improve patient care. In 2020 the industry faced the highest average total cost per breach, increasing 10% from the previous year. The industry desperately needs a better solution to protecting its data.
Increased threats to PHI
Ransomware attacks on the healthcare industry increased by 60% to 123% in 2020 (depending on the report), with bad actors taking advantage of the disruptions created by the pandemic. These attacks are also increasing in pressure, with bad actors not just encrypting data but stealing it as well. This puts increased stress on organizations to pay in order to avoid regulatory consequences for leaked data. Nearly 60% of ransomware attacks that the IBM X-Force responded to in 2020 used what they’re calling a “double extortion strategy” where attackers encrypted, stole and then threatened to expose data if the ransom wasn't paid. Ireland’s national health service is dealing with this exact issue after hackers broke into the Health Service Executive’s (HSE) IT system in May. The attack led not only to a disruption in services, but also to personal records of individuals being released online. The same group has targeted at least 16 U.S. health and emergency networks this year.
Data is driving the future of the healthcare and life sciences industry
The increase in threats hasn’t slowed the healthcare industry’s expansion of data sharing and utilization. Data is driving innovation in original medical research, new drug development, improved clinical care, and innovative medical devices. A recent Economist Intelligence Unit survey showed that the healthcare and life sciences industry was most likely to cite data and analytics as a critical factor for success over the next three years. The respondents’ top three priorities were developing new products or services, increasing client satisfaction and experience, and revenue and profit growth. They were also more likely than others to purchase or accept data from both government and non-government agencies. However, the risk of sharing data externally is a top concern, with the healthcare industry listing “risk of a leak of confidential information” as number one, at 54% of respondents.
A better outcome for PHI data governance and security
This all makes protecting sensitive data more critical than ever. In the past, healthcare organizations may have thought that a full-fledged, time- and resource-intensive Data Loss Prevention (DLP) solution was the only option to truly protect sensitive data. The fact is that legacy enterprise DLPs are costly, usually require a long on-premises installation and complex policy rollout, and don’t extend well into the cloud. They tend to put blocks in place that make it more challenging to get important data into the necessary hands. This is less than ideal for an industry that needs to share data to provide the best care and innovate quickly.
Modern cloud-based, no-code solutions like ALTR provide a better alternative by making it easy to automate data access controls, protect data at rest, and respond to threats in real time. Unlike traditional solutions, ALTR requires no infrastructure to install, maintain or scale, and nothing needs to be placed on the endpoint. And unlike other solutions, ALTR delivers both data governance and data security. Organizations can add data sources, create policy, and respond to potential threats without writing a single line of code. Sensitive data is classified wherever it is, policy enforcement is automated, consumption is visible and controlled, and sensitive data is tokenized to mitigate the risk of exfiltration, while potential threats are handled as they happen. Protection is focused on the data, where it should be.
ALTR customer TULIP is a great example of this use case. The company provides an online platform that allows fertility patients from all over the world to search a proprietary database of nearly 20,000 egg donors to find their perfect match. TULIP turned to ALTR for a data protection service that keeps customer PHI safe and provides a secure audit trail of every request for data.
With a modern data governance and security solution, the healthcare industry can better protect its sensitive information while fully utilizing that data to improve patient outcomes, create better clinical processes, and produce innovative medical treatments and devices that can benefit us all.