First, health care organizations need to treat security as a priority and increase their security budgets so that they can implement proper security measures and defenses.
From there, the first strategy health care organizations can implement to increase their security and protect personally identifiable information is network segmentation. The idea behind network segmentation is to isolate personally identifiable information and other sensitive data onto a network separate from the network where staff can do potentially dangerous things, such as browse the web and access email. That way if one network is compromised, the data is still secure. Remote browser isolation technology is one way of accomplishing network segmentation that doesn’t interfere with the user experience, and allows nurses and physicians to still access the patient data they need to provide quality care.
Third, it’s important to keep all systems patched and updated. The reason the recent WannaCry ransomware variant was able to spread so quickly was because organizations had not applied available security patches to their systems.
Fourth, organizations should follow the principle of “least privilege.” The idea here is to restrict the access and actions that staff are allowed to perform to only what is necessary for them to perform their duties. For example, if a user doesn’t need to download files from the web as part of their job responsibility, then there should be a network policy in place that prevents them from doing so.
Lastly, to protect the data itself, the data should be stored in encrypted form to prevent cyber criminals from accessing it even if they’ve managed to breach the network.