Last year, the biggest breach in healthcare occurred at the second largest insurer in the US-Anthem. The names, social security numbers, addresses, emails, employment info, and income data was stolen.
As of this week, there has been another data breach from an anonymous hacker who goes by the name of thedarkoverlord. This hacker has breached 3 different healthcare databases ranging from 50,000 to 400,000 patients and is offering to sell patients’ medical records.
Each and every employee of an organization has a trail of records, documenting information from the moment they are hired to the moment they leave. Organizations must understand the responsibility they have to protect both their client and employee information. Healthcare is an industry where they have had trouble keeping information confidential. The best defense mechanism against hackers is to implement security measures through an ECM – one with specific requirements, that is.
PICKING THE RIGHT ECM
Your ECM should also provide document authentication, integrity and privacy. It should be able to encrypt data and documents in a way that makes them only accessible through using the ECM directly.
1. Your ECM should have access controls for admins to put permissions on users. A hacker would need to crack the admin level access in order to change the permissions.
2. A retention tool that allows for records managers to destroy or archive documents so that confidential information is not sitting around when it shouldn’t be.
3. Audit trails and reporting tools to show transparency for all user activity and changes to documents.
4. Disaster recovery capabilities – your ECM data should all be backed up in case of a disaster so that your information is preserved.
5. E-signatures in order to verify the authenticity of the documents and specify the owner of the documents.
Apart from internal ECM features, there are a few things you can do to add another layer of security to your organization:
1. check for 3rd-party security audits
2. ensure that each software release is scanned with a professional security tool
3. optionally, contract for your own 3rd-party audit
If your company does not currently have an ECM or is running on an outdated one, chances are, you probably have already experienced a data breach. It’s time you migrate your data to a modern solution. Unfortunately, there is no such thing as a foolproof security system, but with an ECM, chances of hackers breaking into your database to steal information are much slimmer.