Healthcare file sharing breaches on the rise

Mar 10, 2014

2014-03-10 Healthcare.jpgSharing business files within an enterprise setting can be beneficial to productivity, however if employees are using the wrong system, it can leave data vulnerable to risks. As more regulations are placed on industries, organizations must ensure that they are following security best practices. Nowhere is this more relevant than the healthcare sector, which has strict standards to keep patient information safe. But there are still many medical practices that are victim to data breaches and the consequential losses.

While measures like the Health Insurance Portability and Accountability Act have been enforced within the industry, many organizations struggle to comply with the rules. Files containing essential information on how to access healthcare provider networks were found on a sharing website, which included blueprints, passwords and encryption keys, according to HealthITSecurity. This significant gap in protection places patient information and the entire practice at risk.

While the data in the documents had been changed since being uploaded to the online file sharing site, it could have presented a significant opportunity for losses in revenue, data and reputation. Because the information within hospitals is valued so highly, the potential for a breach of this size reinforces the need to protect data from future risks.

Integrating a safe solution
As potential threats become more of a reality, healthcare organizations need to implement an enterprise-grade service into their operations to allow secure file sharing and deter dangers. While many employees may want to use a system like Dropbox, this option is not viable for the medical field. By using consumer products, the firm will have few encryption capabilities and limited visibility into where the data is located, according to Business 2 Community contributor Josh Topal.

The public solutions also don’t have the capability to set user permissions, which could allow any user to view sensitive documents and compromise them. Within a medical office, it’s important to make sure that no one is able to change patient information without prior consent; without security, it’s easier to manipulate the data.

“Business collaboration requires granular control over permissions to ensure appropriate access levels for dozens of collaborators and stakeholders,” Topal wrote. “This protects against accidental overwrites or deletions, but it also preserves security and secrecy. In this regard, Dropbox falls short: it doesn’t let you customize read and write privileges for individual users.”

Category: Data Security