Last week, the Department of Veterans Affairs introduced a proposal that would extend private care options under certain conditions. There will be an open period for public comment and questions. As the details are scrutinized, the security of patient information should be addressed during this time as it directly impacts their privacy and the quality of care. As the article states, this change could potentially lead to the transfer of over one million veterans’ health services to private care, and with that comes the transfer of personally identifiable information (PII) and protected health information (PHI). This is a common problem within healthcare as organizations must easily control data access privileges while also sharing with approved recipients. At Virtru, we have been privileged to partner with the VA and help balance the protection of health information while facilitating sharing across authorized organizations.
Protecting Health Information in Evolving Environments
According to the Verizon Data Breach Investigations Report (DBIR) healthcare remains one of the most targeted industries. The 2015 Anthem breach that exposed the data of 79 million people, coupled with the string of ransomware attacks against hospitals, reinforces the data risks the healthcare industry navigates. Unfortunately, like other industries, healthcare organizations also are susceptible to widespread attacks. The 2017 global ransomware attack, WannaCry, crippled some business functions of the U.K. National Health Service. The self-propagating ransomware disrupted patient care and ultimately cost £92 M, demonstrating how organizations can become collateral damage in global malware campaigns.
By one estimate, health care breaches cost $6.2 billion for per year. Part of the challenge is the high error rates. The DBIR claims 35% of healthcare breaches are caused by accidentally mishandling data, as healthcare is the only industry where threats from the inside are more prominent than external threats. This syncs with a recent study commissioned by Forrester Research, where healthcare respondents identified insufficient technology controls to protect data and enforce policies as one of their biggest challenges. In a time when the regulatory environment is evolving so rapidly, policy enforcement is only growing in importance. Balancing these complex environments with other business priorities and resources remains a core challenge for healthcare organizations.
Returning to the Forrester survey, these threats remain top of mind for those in healthcare, where respondents prioritize moving to the cloud and protecting from a broad range of threats. However, compared to respondents in other industries, those in healthcare list corporate social responsibility as a top priority. Healthcare respondents also were more prone to worry about encrypting data both at rest and in motion than those in other industries. This makes sense, as providers must protect patient data on premise and also share it with a potential range of authorized recipients, including insurers, patients, and other providers.
As the VA considers expanding its provider network, they are well aware of the cyber risks involved and have not been immune to data breaches. Fortunately, we were able to expedite our partnership with the VA thanks to the DCode accelerator, which helps impactful technologies expedite the acquisition process and quickly support federal organizations. Because of this acceleration, the Virtru platform immediately helped the VA navigate the various HIPAA requirements while protecting data against threats to optimize veterans’ health experiences in communities across the country and around the world.
Similar to others in the healthcare industry, the VA often must send sensitive information between providers and help ensure timely care by exchanging health information for veterans within their own community. Prior to Virtru, this process was slow and cumbersome due to encryption requirements within HIPAA. Virtru helped the VA streamline encryption within a user-friendly workflow, directly expediting patient treatment and care for patients and allowing administrators greater peace of mind that the data is protected.
Virtru helped address this necessity to protect data while enforcing policies and maintaining full control and visibility. Importantly, Virtru provides the data protection that helps medical staff share health information securely with healthcare providers across the country. This improves patient outcomes by improving the patient experience and allowing greater flexibility for accessing health information in a timely and secure manner. Virtru similarly helps medical professionals focus on patient care as their core responsibility instead of muddling through a deluge of data with complex security tools.
Given the potential liabilities for unlawful data disclosure as well as the stakes involved in patient care, data-centric protection is essential for the healthcare industry. As healthcare remains a top target of cyber attacks, providers seek usable protection that focuses on the data and seamlessly integrates into both the technology stack and the daily use cases of the administrators and providers. Virtru addresses these needs by protecting PHI and PII at rest and in motion, giving in- and out-of-network providers seamless and secure access to the patient reports, test results, schedules, and treatment plans required to expedite timely and efficient care.
Learn more about Virtru’s healthcare solutions.