News Feature | April 22, 2016

Encryption: The New Focus Of Healthcare Organizations

By Megan Williams, contributing writer

Encryption For Backup

Patient data may actually be safer today than it was at the time of the Anthem Breach. According to HealthData Management, this is largely due to hospital CISOs using encryption more extensively — a practice Anthem wasn’t engaging in at the time of attack.

This fact is not surprising as many organizations have avoided implementing proper encryption in the past because of the impact on performance. The healthcare sector has been particularly guilty but with good reason — slow data response times are a huge impediment for clinicians and staff who need quick access to EHR systems.

A Change Encouraged By Technology

Recently though, we’ve seen a jump in the use of encryption technology. The change has largely been facilitated by developments in technology, including hardware security modules (HSMs) which allow end users to run encryption without major impact on performance. According to Kathy Hughes, CISO for Northwell Health, the new generation of encryption tools are not only cost-effective, they also have such a small impact on database performance that the end user will barely even notice.

“Encryption at rest” is becoming standard for many industries and, while it previously applied mostly to data center/big block storage, it now extends to mobile devices including laptops and smartphones. According to the Ponemon Institute’s 2016 Global Encryption Trends Study, healthcare and pharmaceuticals especially are seeing growth. The survey involved 5,009 individuals and found that, 49 percent of health and pharma organizations used 14 different encryption technologies.

A Changing Threat Landscape

Still, encryption presents new issues for the industry. According to Larry Ponemon, Ph.D. and chairman and founder of the Ponemon Institute, “Encryption creates workflow issues.”

In hospitals specifically, clinicians need constant access to EHR data. If that data is encrypted, it is completely useless to them. That continuous and necessary opening creates opportunities for potential data thieves.

Ponemon believes to address the issue, “You have to build a workflow to ensure that you’re not vulnerable at points where the data is decrypted and in clear text.” He also stressed that despite successful changes in the way encryption is used, healthcare still faces particular and definite threats, saying, “Medical data has become increasingly valuable on the black market, and the bad guys are getting more persistent and better at what they do. We’ve seen over the past year that healthcare companies are building better security, but at the same time, the attacks are becoming more stealthy and sophisticated. This makes hospitals very vulnerable.”