Since 2010, 68% of healthcare breaches have stemmed from lost or stolen devices. This is very different from what most people would expect. The most logical culprit would be hacking, right? An interesting finding from the 2014 Healthcare Data Breach Report was that hacking accounts for only 23% of data breaches in the industry. The fact is that healthcare institutions are far more likely to be robbed than hacked, forcing healthcare IT security professionals to take a fresh look at the way they secure data on mobile devices. But to whom should they look?
Cloud Access Security Brokers (CASBs) allow companies to protect their data, rather than just the mobile devices themselves. This data-centric approach to security gives IT the visibility and control they need (to comply with HIPAA), while giving the 90% of healthcare professionals who use their personal smartphones for work the mobility and privacy they deserve. In BYOD cultures, the ever-trusted MDM solutions are archaic in the minds of today’s employees. The days of employees ceding control over all of their apps and data to their employers are over. But hey, they were nice while they lasted.
Here are 5 tips that will help healthcare organizations find the right data security solution for them:
- Visibility and control over data – CASBs proxy all traffic between corporate cloud applications and mobile devices. These solutions inspect and secure that traffic, log activity, and alert IT to any suspicious activity involving your data. This is all completely transparent to users.
- Control the Flow – You want to be able to block sensitive data from being downloaded to untrusted devices, based on custom policies you’ve created yourself. This’ll come in handy as HIPAA compliance mandates that healthcare institutions must detect and redact PHI flowing down to BYOD clients.
- Track and protect sensitive data anywhere – Today you can digitally watermark all sensitive data going outside your firewall. This allows you to track corporate data, see who downloaded it, and see where it went after an employee received it. If a device is lost, you can also remotely wipe corporate data and leave all personal data intact (the technology can differentiate between the two). The same can’t be said for MDMs.
- Single Sign-On – This will allow you to protect your company from identity sprawl. When users have too many passwords, they fall into common password habits. Cyber criminals then prey on these habits to gain access to sensitive company information. SSO allows for one login and one password for all cloud applications.
- Easy deployment – Companies need to operate at the speed of life. This means that solutions need to be able to deploy quickly, easily and cost-effectively. No ridiculous administrative overhead costs necessary.
All 5 of these are within reach. Healthcare institutions just need to be proactive and deploy the right CASB, before lost mobile devices send their checkbooks to the emergency room.
Product Marketing Manager @Bitglass