By Drew Fox Jordan • January 5, 2021

    Data Loss Prevention in Health Care: What You Need To Know

    Data Loss Prevention (DLP) is a priority for nonprofit and for-profit organizations alike, but especially for those in health care. These organizations process and hold incredible amounts of personal and medical data and must comply with strict data privacy laws like HIPAA and HITECH. And for the past nine years, health care and hospitals have had the highest cost associated with data breaches, clocking in at 65 percent higher than the average US company.


    In order to remain compliant and prevent data loss incidents and breaches, security leaders must have visibility over data movement. However, data loss incidents are happening up to 38 times more frequently than IT leaders currently estimate. 

    In terms of outbound email security, a recent poll found that 51 percent of employees working in health care admit to sending company data to personal email accounts. Beyond that, 41 percent say they’ve sent an email to the wrong person, and 35 percent have downloaded, saved, or sent work-related documents to personal accounts before leaving or after being dismissed from a job. But hospitals are also frequent targets of inbound attacks like ransomware and phishing. The transition to remote working has only made DLP more challenging for the health care industry.

    Half of health care employees feel less secure outside of their normal office environment, and 42 percent say they’re less likely to follow safe data practices when working remotely. But why is that? Side-stepping security policy happens when IT isn’t watching, employees are distracted, or they’re not working on their normal devices. Cybersecurity likely isn’t top-of-mind for health care employees, especially during a global pandemic. Perhaps that’s why 57 percent say they’ll find a workaround if security software or policies make it difficult or prevent them from doing their job. 

    The massive rise in data breaches clearly shows that IT leaders have little visibility into their employees’ security habits. This is likely because most organizations are relying on security training. But how effective is training, and can it influence and actually change human behavior for the long term?

    Ultimately, the answer is no. Despite having training more frequently than most industries, health care remains among the most likely to suffer a breach. That’s why security leaders have to bolster training and reinforce policies with tech that understands human behavior.

    Security solutions like Gravyty Guard use artificial intelligence (AI) to understand the behaviors of nonprofit employees and alert them to risks on email as and when they arise. By warning both managers and users in real time, we can help identify security risks before they are exploited by bad actors. With remote working here to stay, and with hackers continually finding ways to capitalize on people’s stress in order to manipulate them, nonprofits must prioritize cybersecurity at the human layer.

    Is your donor data protected? Take our FREE 15-minute assessment and receive your own Data Security Health Score and find out if your organization is secure.
