Privacy and security are practically buzzwords in the health care industry, yet according to the latest Global Data Risk Report from Varonis, approximately 25 percent of files in every organization are available for anybody to see. Half of all companies surveyed had exposed thousands of files containing sensitive data to their employees – and those numbers are creeping up. HIPAA regulations demand better control over this sensitive data in medical practices nationwide.
Assessing Risk & Taking Steps to Protect Information
When we talk about exposed files, we aren’t referring to the old-fashioned manila folders tucked away inside filing cabinets. At issue is electronic data; wrong or broken permissions inadvertently allow anybody in the organization to access employee and patient data. The Varonis report found that for each terabyte of data available, tens of thousands of files on average were improperly exposed, had the wrong permissions, or weren’t updated with adequate permissions. Adding to the problem? Few organizations take the proper steps to monitor their data. More than half of most companies’ files contained irrelevant data, inactive user accounts, and passwords that weren’t set to automatically expire within a given time frame.
This can get an organization into trouble. Running afoul of HIPAA can result in steep fines if a data breach or theft occurs. It’s crucial your organization assesses risk factors and takes steps to keep patient information secure. Doing so requires controlling access to data and cleaning out “stale” files that are no longer relevant.
While undoubtedly a time-consuming process (auditing each file and correcting its access issues will probably take several hours), think of it as a necessary evil. Practices that don’t regularly check up on old accounts with non-expiring passwords and delete irrelevant information put themselves at risk of cybersecurity threats and potentially stiff penalties. There is another benefit to performing ongoing risk assessments and proactively controlling data access: your organization will likely save money and resolve security problems. Varonis encourages all practices to routinely audit these accounts to ensure users can only access the specific data they need. No more and no less.
Cybersecurity breaches are an ongoing concern and won’t go away on their own. Therefore, it is up to every provider entrusted with sensitive patient information to take the steps necessary to lock down and protect that data.