by Tim Reilly
Why encryption is essential in healthcare cybersecurity strategies
Data breaches are a growing problem in the healthcare industry. From 2009 to 2018 healthcare data breaches have resulted in the theft or exposure of 189,945,874 healthcare records. Did you know data breaches are now being reported at a rate of more than one per day? Despite a healthcare organization’s best efforts, PHI data continues to get out. If cyberattacks are no longer an if, but a when, what protection options do we have? One of the top recommended solutions from security experts for data protection is encryption.
Encryption is not mandated by HIPAA, but for healthcare entities striving for a comprehensive cybersecurity solution, it is an essential element to a data protection strategy. Per the HIPAA Breach Notification Rule, in the event of a breach, covered entities and business associates must only provide the required notifications if the breach involved unsecured protected health information. Unsecured protected health information is protected health information that has not been rendered unusable, unreadable, or indecipherable to unauthorized persons. Encrypting data meets the criteria for qualifying as protected health information and thus avoids the requirement to report a breach, and even more importantly, having the data exposed. And we’ve all seen too many headlines about that recently.
So if the government is telling you that encrypting PHI data is a good idea, why wouldn’t you?
Afraid encryption is too hard to implement?
Encryption is often perceived as too complex or will have too large of an impact on performance. Encryption will always affect performance, but Zettaset’s encryption solutions only impact performance by 5%. And our easy to use solutions simplify the installation process, with one customer installed in six hours. The simplicity doesn’t end there. You don’t need to backup and restore to install, you can immediately encrypt data in place. It’s the fast, intelligent and easy solution for encrypting data.
Protecting sensitive data involves the deployment of multiple security tools working in concert with one another. But at the end of the day, encryption is your last line of defense against exposure of sensitive data when a theft occurs. So ask yourself, should your last line of defense be treated as an afterthought or the first security feature deployed? And one more question. If you’re encrypting data on your cell phone, then why wouldn’t you encrypt an even larger collection of data sitting on a server? Makes for a very easy target if you don’t.
Encryption won’t solve all of your problems, but when implemented properly, it will provide a very effective layer of data protection in a world that’s on a perpetual mission to acquire your most valuable asset.