- By Mark Gross, Senior Product Manager at Kofax
Healthcare data breaches are often the result of unsecured devices and the failure of employees to follow best practices. Two-thirds of UK healthcare organisations reported a breach in 2019, according to a cyber security survey conducted by Clearswift . According to the think tank, Parliament Street’s analysis of 68 UK National Health Service (NHS) trusts, 162,000 documents went missing in the fiscal year 2017-2018. This is in addition to 702,000 pieces of paperwork the trusts had already known to be lost.
Despite these vulnerabilities, only 26% of healthcare IT decision makers are investing in security for front line endpoints, compared to 46% who say they’re investing in database security, the above-mentioned Clearswift survey found.
When it comes to maintaining security, healthcare organisations sit between a rock and a hard place. To provide proper patient care, their staff needs access to the right information, and quickly. At the same time, data protection laws in the UK and EU protect the sensitive data included in electronic health records (EHR).
A wide array of devices is used to collect and transmit patient data – including computers, mobile devices, IV pumps and X-ray machines. Today, all of these are connected to the internet, the hospital network and other medical technologies, even though many of them have few, or no, security protocols in place. The situation’s made even more complex by the public nature of hospital environments. Many connected devices containing sensitive data are left unattended, leaving the entire network exposed. The result’s an increase in cyber and data security threats.
Today, there’s the added challenge brought on by the COVID-19 global pandemic. Many healthcare workers aren’t working in their normal environments, they’re helping in other departments, hospitals, and even pop-up field hospitals. With all the displaced healthcare workers, their normal print and capture workflows are left behind with their devices—and the security of the patient data contained in documents printed or scanned elsewhere may be at risk.
Hospitals have too much at risk to leave endpoints unprotected. Exposed medical data can cost healthcare companies millions of Pounds in fines and civil action, not to mention the ensuing reputational damage.