Recent Premera attack proves breaches in healthcare will continue to skyrocket

(Editor’s note: contributed blogs like this are part of’s annual sponsorship program. Find out more here. This article was authored by Jim Bindon, director of Vertical Markets and SolutionsPath Engagement Service for Avnet Technology Solutions Americas)

Jim Bindon, director of Vertical Markets and SolutionsPath Engagement Service for Avnet Technology Solutions Americas

Jim Bindon, director of Vertical Markets and SolutionsPath Engagement Service for Avnet Technology Solutions Americas

As today’s healthcare organizations look to better contain costs and battle the ever-increasing amount of data, learning to digitize operations becomes crucial to improving organizational efficiency. Although, as healthcare providers digitize their operations, mobile and other endpoint devices’ ability to store millions of records dramatically increases the risk of loss or theft of patient health information (PHI). As we’ve learned from the 11 million patient health records stolen from the recent breach at health insurer Premera Blue Cross, the second-biggest cyberattack in healthcare industry history, and also the breaches last month at Anthem, patient data can be easily lost or stolen by internal threats or cyber-attacks when loopholes are found.

There is a lot of information inside of a patient health record that can be valuable to potential thieves. With the running rate of each health record averaging $50, the demand for patient health information on the black market is high, and more and more hacking forces are targeting healthcare organizations. That’s why, as hospitals move to a more digitalized environment, it is important that they integrate the best security practices in order to keep patients safe even after they leave the hospital.

With more than 2 out of 5 physicians already using a smartphone or connected tablet during patient consultations, and 81% of clinicians using mobile devices to collect PHI, how do providers protect the growing number of endpoints needed to secure and comply with HIPAA and other privacy and security rules?

Identity Management for Total Data Security

Healthcare employees and others with unauthorized access to healthcare records can put medical data at risk. By centralizing the management of user identities, you’ll know exactly who has access to specific applications.

Grant access rights to new users, while revoking the privileges of exiting users, all in an effort to support regulatory compliance. Securely manage access to mission-critical data and applications, while providing clinical teams with fast, convenient access ensures the highest data security.

Single Sign-On for Improved Patient Safety and Better Care

Some healthcare organizations require multiple logins to access shared workstations or applications, taking critical time away from patient care and impacting patient safety. While some clinicians have figured out a way around multiple logins, that can leave data vulnerable to attack.

With single sign-on, clinicians sign on once and receive access to all authorized applications, regardless of the device or location, eliminating some of the targeted IT security weaknesses faced by hospitals today. Some solutions can also eliminate the need for multiple user passwords and reduce the time spent on password resets, both from the user perspective and the IT helpdesk.

Endpoint Protection for Greater Patient Privacy

Access to private medical data via mobile devices can threaten the security and privacy of patient healthcare information, but there are some benefits. With the right security protocols, mobile devices allow for improved communication, expanded access to patients and a higher number of patients who are more engaged in their own healthcare.

Protect mobile, cloud and social interactions by validating “who is who” when users connect from outside the enterprise. Enforce proactive access policies on cloud, social and mobile collaboration channels. Multi-factor security, combined with the ability to automate walk-off security policies and track access to applications, reduces the risk of unauthorized access to information.

Some of the other technical safeguards for protecting PHI:

  • Network Security
  • Secure Texting
  • Regulatory Compliance
  • HIPAA Security Risk Assessments
  • Remediation
  • Encryption Technology & Security Services:
  • Secure Data Access Controls
  • Multi-tier Authentication
  • Firewall Management
  • Intrusion Protection
  • Cloud and Managed Services

Get a head start on securing your patient information by following the suggestions offered above, but understand that this is not a one-time drill. Constant evaluation reduces risk and also achieves compliance with federal regulations. While there are countless additional steps that can be taken to fully protect the immense amount of data being developed every day, staying on top of identity management, creating a single sign-on for healthcare users and providing better endpoint protection will give your organization a foundation on which to build your data-protection strategy.

Make sure you are equipped with the most up-to-date information and technology by attending HIMSS15, the year’s largest and most important healthcare IT conference in the United States, April 12-16 in Chicago.

Join Avnet, alongside 38,000+ healthcare IT professionals, clinicians, executives and vendors from around the world, in booth #5085, to learn more about we work with our business partners to align industry-leading technologies with fast-changing healthcare and business demands to better engage consumers and improve core processes.