Are Your Data Breaches Coming from Within? New Report Finds Most Healthcare Security Pitfalls Stem from Unintended Disclosure in 2017
Oct 24, 2017
Within a hospital or other organization, the term “unintended disclosure” refers to erroneous practices where confidential information is either explicitly divulged without permission or left vulnerable for unauthorized parties to access. Examples include sending emails containing PHI, leaving private servers publicly accessible, or using unsecured IoT devices in the workplace to access protected files.
The report also found that the frequency of unintended disclosure incidents was more than twice as the second-most recurrent form of attack, hacking or malware intrusion, which accounted for 19% of all data breach incidents in the healthcare sector so far this year. These findings illustrate that these types of incidents more often stem from within the organizations themselves as opposed to external sources. If confidential information is left exposed by hospital staff through unsecured communications practices, a hacker will have access to it. The hacker may never be able to access the data if organizational personnel do not leave it vulnerable in the first place.
Data breach incidents caused by unintended disclosure are indeed avoidable, and healthcare CIOs should prioritize preventing data breaches before they occur within their organizations. Executives need to establish and enforce a culture centered around data security where all employees, managers, and executives are aware of the consequences that certain actions can have on their organization’s informational integrity. For example, emails containing private PHI may travel through multiple servers before arriving at their destination. Likely, the sender has no way to confirm that those servers were properly secured to HIPAA compliant standards.
Since email is such a ubiquitous communications tool within most healthcare organizations, a better alternative is needed that can either match or exceed email’s convenience while improving upon its security and delivery capabilities. etherFAX’s Secure Exchange Network (SEN) was developed in direct response to the need for a protected, HIPAA compliant document transmission service, and makes use of cloud computing services.
SEN leverages military-grade encryption and hybrid cloud technology to transmit documents directly between any of its 6+ million connected endpoints without ever needing to traverse an external network. This means that, in addition to 100% security, the communications are relayed from sender to receiver without any gray areas in between. All transactions over SEN are also marked as SENt for reporting purposes and provides users with transparent proof that documents were delivered to their intended endpoint without visiting other servers along the way.
Using a virtual document transport service like SEN also comes with built-in reliability and speed. A 50-page document that would traditionally take 30 minutes to send through a legacy fax server can now be sent in seconds. The best part? You don’t need to throw away your existing infrastructure if you don’t want to. Install a plug-and-play A2E device, activate it, and never experience busy inbound faxes again.
Have any questions about how your organization can better secure its communications practices? Contact us today and see how we can help you.