Healthcare Orgs Don’t Have to Fear the Cloud: Mimecast HIPAA Compliance Verified
Cybercriminals use email as a gateway for data breaches. This is not old news. New cyberattacks happen almost daily across all industries.
The bad news is that the speed of innovation in email threats has skyrocketed in the last year. Even if you don’t already know that 91 percent of breaches are due to phishing attacks, the statistic shouldn’t surprise you. What may shock you is that there has been a 270 percent increase in social-engineering-based whaling attacks since January 2015.
The healthcare industry, in particular, has been a ripe target for cybercriminals seeking to obtain massive amounts of personal, private patient data. Why the focus on healthcare? IT staff at healthcare organizations are often over-burdened and dealing with tight budgets and limited resources. While many IT teams have looked to cloud services to solve these issues and increase their capabilities, many have been unable to make the move due to concerns over their ability to adopt cloud security solutions in a regulated environment.
Mimecast can address these concerns and ease the fear that stops many healthcare organizations from moving to the cloud. We have recently passed the Health Insurance Portability and Accountability Act (HIPAA) Security Compliance Assessment. This third-party assessment verifies the safeguards in place to protect health information within Mimecast’s software and facilities.
Now, healthcare organizations can take advantage of the benefits of cloud services without worrying about violating stringent rules, policies and regulations. And, most importantly, they can effectively protect patient data from email-based threats like whaling, spear-phishing and ransomware.
Here are three healthful tips to help healthcare organizations have it all when it comes to the cloud: security, compliance, efficiency and a positive patient experience:
- Update your email security: Traditional malware scanning and spam management are not enough. Organizations will invariably have a breach if they are not protecting themselves against the latest generation of email-based threats.
- Transport-level encryption: Emails should be encrypted during transmission between email servers to provide protection from interception.
- Message-level encryption: Because issues can arise with the servers themselves, message-level encryption can be used to protect content on the remote email server.
- Secure webmail: The most secure approach is some form of secure webmail delivery, in which the message is stopped at the gateway. The recipient of the email gets a delivery notification with a link that is used to access the original email. Secure webmail delivery solutions typically require a password to access the email, which adds another layer of security to message access, giving worried doctors peace of mind. Ideally, the solution will also track recipient access. Use transport-level encryption for access to the Web server.
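The secure webmail flow described in the last tip, sketched as an added example (not Mimecast code): the message is held at the gateway, only a link goes out, a password gates access, and every attempt is tracked. The class name, the `mail.example.org` URL and the sample values are hypothetical; a real deployment would serve the link over HTTPS.

```python
import hashlib
import hmac
import secrets
import time


class SecureWebmailGateway:
    """Holds messages at the gateway; recipients fetch them via link + password."""

    def __init__(self, base_url="https://mail.example.org/read/"):  # placeholder URL
        self.base_url = base_url
        self.held = {}        # token -> held message record
        self.access_log = []  # (timestamp, token prefix, recipient, outcome)

    def hold(self, recipient, body, password):
        """Stop the message at the gateway and return the notification text."""
        token = secrets.token_urlsafe(32)  # unguessable link identifier
        salt = secrets.token_bytes(16)
        self.held[token] = {
            "recipient": recipient,
            "body": body,
            "salt": salt,
            "pw_hash": self._kdf(password, salt),
        }
        # Only the link leaves the gateway; the content stays behind.
        return f"You have a secure message: {self.base_url}{token}"

    def read(self, token, password):
        """Return the body on a correct password; log every attempt."""
        rec = self.held.get(token)
        if rec is None:
            self._log(token, None, "unknown-link")
            return None
        # Constant-time comparison of the derived password hashes.
        ok = hmac.compare_digest(self._kdf(password, rec["salt"]), rec["pw_hash"])
        self._log(token, rec["recipient"], "read" if ok else "bad-password")
        return rec["body"] if ok else None

    def _log(self, token, recipient, outcome):
        # Log only a token prefix so the log itself cannot be used as a link.
        self.access_log.append((time.time(), token[:8], recipient, outcome))

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
```

The access log records failed attempts as well as successful reads, so repeated bad passwords against one link show up for review.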
Read our Healthcare Security Checklist to learn more.