It was a year ago this month that HCA Healthcare – a Tennessee-based hospital and clinic operator – underwent a largely publicised cyber attack. In this instance, cyber criminals accessed and exfiltrated data from an external storage location that formatted emails and calendar reminders for patients.
Data including names, birthdays, email addresses, and countless other PII for more than 11 million patients across 20 states was taken. And this was just scratching the surface of what cyber criminals threaten to do. Across the US and the UK, healthcare organisations are consistently at risk of cyberattacks, including ransomware attacks, malware attacks and more that result in the theft of personal information.
It’s not just patients that are at risk, however. It’s the employees too. In the UK alone, the NHS employs around 1.5 million people, all of whom have personal data stored at the company that is at the mercy of attackers. On an individual basis, it has become far easier to find a data removal service in recent years, but when it comes to a workplace environment, you can only trust the systems that organisation has put in place to keep your data safe.
Thankfully, due to the nature of these well-publicised breaches – and the ongoing financial investment in cybersecurity tech – a number of innovative tactics are being employed.
Advanced Encryption Techniques
One of those tactics is initiating end-to-end encryption, which means data is encrypted from the moment it is entered into the system until it is received by the authorised user. This ensures that sensitive information – including employee PII – remains secure during transmission and storage, protecting it from unauthorised access. Homomorphic encryption, too, is being implemented more often to process data without it having to be decrypted – thereby maintaining its security throughout the computation process.
Zero Trust Architecture
Zero trust is also becoming a more common security practice. This works by dividing a network into smaller, isolated segments to effectively minimise the attacking surface. As well as this, any access required continuous verification, meaning the identity and trustworthiness of any entity is regularly scrutinised regardless of its location.
Behavioural Analytics and AI
One of the recent innovations in cybersecurity has to be the implementation of tech like AI and machine learning – two things a handful of healthcare organisations are now utilising to monitor user behaviour and detect anomalies. In this case, the usual patterns of network users are processed and recognised, collecting those patterns of data to differentiate unusual network behaviour. One of the reasons this method has so much potential is because AI-powered threat detection can identify potential security breaches in real-time, sounding the alarm and putting a stop to them before they become a problem – rather than rectifying that problem after the fact.
Conclusion
These are just three of the innovative tactics that are being used to safeguard employee PII, but there are many more, including multi-factor authentication, firewall implementation, and even using blockchain technology to create immutable records. There’s no doubt that the healthcare industry is getting safer for employees, but while the threat of cybercrime still lingers, the work will have to be ongoing.