What Can Health Care Organisations Do to Safeguard Health Care Information?
There are many ways organizations within the health care industry can protect their valuable information. It starts by having security teams:
- Think like an attacker and conduct regular penetration tests to identify weaknesses within the organization.
- Identify where the crown jewels reside within the organisation.
- Encrypt passwords, especially those for privileged users.
- Encrypt patient information, even at rest and within the electronic system.
- Scan and test applications before deploying them within the organization, ensuring they are secure and that proper coding practices were followed.
- Segregate patient data from other data.
- Follow the principle of least privilege, allowing data access only to users who require it to do their jobs.
- Implement a defense-in-depth strategy with multiple layers of security.
- Have a dedicated information security professional with the power to make risk-benefit decisions that improve the overall security posture of the organization.
- Conduct a security framework and risk assessment and then develop an incident response plan.