David Hood

by David Hood

Director, Technology Marketing, Mimecast

Posted Sep 19, 2017

The critical nature of the care that healthcare organizations provide makes providers custodians of highly sensitive patient data. It’s impossible to imagine a scenario in which highly skilled medical staff, as well as the staff who handle post-care activities from post-op follow-up to billing, wouldn’t have access to personal and medical details.

It’s well-documented that external attackers have set their sights on protected health information (PHI). The value of medical records on the black market is at least 10X higher than credit card data. Why? PHI contains more personal data points and cannot just be reissued in the event of a problem. Securing this data and the organization from these calculated threats should be a top priority.

Just as important as defending against the external threat is making sure the organization is insulated from mistakes by well-meaning employees and from abuse by malicious insiders. HIPAA security standards specify the necessary steps a healthcare organization must take to protect PHI. But busy staff members often make mistakes regarding PHI. With the ubiquity of email, it’s not uncommon to see breaches in which an employee accidentally (or carelessly) attached a spreadsheet or document containing PHI. Unfortunately, it’s also not difficult to find examples of employees abusing their access to PHI and systems. At the end of July, it was widely reported that an employee of the services firm LaunchPoint may have exposed PHI of more than 18,000 by sending a file with patient data to a personal email address.

To prevent brand damage, fines, and audits, healthcare organizations must actively seek to identify and prevent PHI from leaving the organization without the proper safeguards in place. However, this can be a monumental task without the right technology. For email, Mimecast is pleased to announce new data loss prevention capabilities that can help address this challenge. With a set of managed DLP content that is maintained and updated by Mimecast, healthcare organizations can scan, identify and take action on emails containing PHI. These actions include holding the message for review, encrypting the content, applying secure messaging between parties, converting the files and more. As part of the service, Mimecast can notify the sender, recipient, and administrator of a message flagged as containing PHI.

Ensuring that PHI does not leave the organization without the proper encryption and safeguards is just as essential as securing against external attackers. Healthcare is the only industry where employees are the predominant threat of a breach. With the Mimecast US Healthcare Pack, organizations can better protect PHI.
