News Feature | June 19, 2015

Verizon Tells How To Minimize Data Breaches And Risk For Your Health IT Clients

By Megan Williams, contributing writer

Healthcare Tablet

Verizon touts an overarching goal of “absolute connectedness anywhere,” but what does that mean for your clients, and how can you help them address similar goals? Suzanne Widup, senior analyst with Verizon, gives some insight into those questions in a Health IT Outcomes podcast from HIMSS15.  

Helping Clients Minimize The Risk Of Connectedness

It’s likely that your clients are investing time and resources into more HIT initiatives that encourage connectedness — as they should be. Keeping up with their partners, federal mandates, and patient care all require highly connected environments. Unfortunately, too many organizations “rush to get connected” and don’t prioritize security in the process — a mistake that’s especially costly in the healthcare sector.

Growing responsibly and mindfully around security concerns, according to Widup, should start with a data-centric perspective on risk. That means:

  • Finding where your clients’ data resides
  • Identifying the most sensitive and risk-prone data
  • Evaluating and creating controls around it
  • Considering multiple types of risk in the process

In healthcare, errors still reign supreme. As Widup illuminated, “We see data breaches in the healthcare, especially. The top one is actually errors. It’s not hackers coming after you, it’s errors. It’s people are posting something on a sensitive website and there’s no controls on it and Google finds it, or there were controls on it and they made a change to that environment, and suddenly the controls are no longer in play, and again, Google finds it or the customer finds it.”

She also pointed out that Florida is an innovator in healthcare cybercrime, with patterns emerging there (because of the large patient base) and then spreading to the rest of the country.

The Future Of mHealth In Breaches

While mHealth hasn’t yet played a large role in security breaches, aside from devices being lost or stolen, Widup believes that as the payment chain moves more into the world of mobile, criminal actors will begin targeting them more. Some will be targeted for direct financial information (credit card data) and others will be after healthcare data (protected health information, or PHI).

The Vendor’s Indispensable Role

Widup’s conversation also stressed the important role that solutions providers play in the communication loop around security. While Verizon has a group that performs the research around analysis assessment reporting, they are not working directly with providers themselves, so security awareness and serving as an information bridge is an important service that vendors can provide their clients — and one that should be emphasized from a marketing perspective.  

Some of the specifics actions she outlined include:

  • Recruiting all organizational members to form a “human sensor network” in which all members are educated and know how, and to whom to report incidents and concerns
  • Addressing errors and misdelivery (errors in mass mailing that result in security issues)
  • Establishing effective controls and processes for handling incidents

You can listen to all of 40 of the Health IT Voices podcasts from HIMSS15 here.