IRVINE, CA, January 20, 2015 – Despite increasingly stringent industry regulations a lot of health care organizations along with their business associates often fail to ensure integrity of sensitive information. No wonder that health care was named one of the top six industries vulnerable to security violations by Netwrix’s 2014 SIEM Efficiency Survey Report. Security incidents are not only common but also have the highest per capita breach cost, more than any other industry according to the 2014 Cost of Data Breach Study: Global Analysis conducted by Ponemon Institute. One of the prime examples of data breach’s expensive consequences was that New York Presbyterian Hospital and Columbia University had a $4.8 million settlement in May 2014 for failing to secure the electronically protected health information of thousands of patients.
Industry regulations that establish requirements for IT security for health care providers are often diverse and confusing. Netwrix Corporation, the #1 provider of change and configuration auditing software, outlines three major steps that help meet compliance requirements and ensure security of IT infrastructure:
- Establish effective security policies. Adopt comprehensive internal policy that will apply to all aspects of critical data security. Define roles and responsibilities of everyone dealing with sensitive information and limit access to sensitive data to people that need it to perform their duties. Develop detailed workflow that describes the process of security maintenance, as well as actions that should be taken in case a security incident occurs. Regularly revise these documents to keep them up-to-date with current legislation and technical and business objectives.
- Make sure your employees maintain security. Distribute the security policies among all employees, no matter if they have access to sensitive data or not, and point out the responsibilities of every employee to follow the instructions. Organize end-user security training for personnel and regularly test their knowledge. Another way to make employees control their actions is to publish anonymized audit reports demonstrating that their activity is being watched.
- Audit your IT infrastructure. Knowing about who did what, when and where will help track malicious user activity, e.g. unauthorized access or modifications that are made to sensitive data or system configuration as early as possible. Regular reporting on changes made across the entire IT infrastructure will help ensure security policies in place are actually working and pass both internal and external audits.
“Information technologies continue to improve and expand, providing countless opportunities to enhance health care services and communication between patients and health care providers. This, in turn, makes maintaining privacy and security of sensitive information one of the biggest challenges for IT departments,” said Michael Fimin, CEO and co-founder of Netwrix. “With numerous data breaches occurring, it is crucial for health care providers to have a complete visibility across the entire IT infrastructure, instantly detecting malicious activity or unauthorized access to sensitive data.”
About Netwrix Corporation
Netwrix Corporation, the #1 provider of change and configuration auditing solutions, delivers complete visibility into who did what, when and where across the entire IT infrastructure. This strengthens security, streamlines compliance and optimizes operations. Founded in 2006, Netwrix is named to the Inc. 5000 list and Deloitte Technology Fast 500. Netwrix software is used by 160,000 users worldwide. For more information, visit www.netwrix.com.