A short but must-read if you care about data security and your customers/patients/residents. Where this HISTalk interview with Kevin Coppins, CEO of Spirion, excels is leading the reader through areas that are usually filled with fog and IT jargon. The view is from his company and a healthcare organization sitting in a conference room and scoping the problem without ‘paralysis by analysis’ or a turnkey ‘solution’ that may not be one. What’s different here is the clear, and few, logic steps, particularly the first three listed, that Mr. Coppins takes to get the ball rolling rather than befogging the discussion with too many factors or the punitive consequences of regulatory non-compliance.
“The concept of data and sensitive data is at the core of both security and privacy.”
- How much data do you have? (Nobody really knows, admit it)
- Of that data, what would you consider ‘sensitive’, and how do you define ‘sensitive’? Not only by regulation/compliance directives, but what your patients, clients and the board would consider ‘sensitive’.
- How much of that data is actually critical?
- What’s the impact? How personal is it to your organization, not just in a compliance way but in your community, etc.
- How do I reduce the risk of loss?
- If I lost the data due to hacking or ransomware, what’s the backup? How fast can this happen?
This Editor notes that these points (quantity, definition, risk of loss and recovery, and community impact) can be applied to other situation analyses.
The litany of ransomware attacks that have ramped up during the pandemic waves has pushed data security issues to the ‘gotta tackle’ list. According to Emsisoft, a security company, there were 41 attacks on healthcare organizations in first half 2020. This didn’t stop during the summer, with a rash of them at end of October and a hit list of 400 hospitals, according to Becker’s.) Hacking attacks persist but aren’t getting the headlines.
And his conclusion is pertinent: “When it comes to security and privacy and all the drama and all the noise that you hear about it and read about it, just boil it down to this — am I doing everything I can today to protect what matters most to the constituents I serve?”