It can be the small, unintentional errors that expose valuable health data to data thieves. Filling out social media quizzes that are actually gathering information about you—like your birth month or high school mascot. Holding your building door open for a delivery person with their hands full. Clicking on an urgent email request from a senior executive.
Small errors can lead to massive data breaches. Here’s how we help keep health data safe.
A company’s security is only as strong as their weakest link. At Discovery Health Partners, we’ve earned certified status for information security by HITRUST for several of our technologies that drive the use of data across our solutions.
One of the parts of HITRUST compliance is user awareness training—reinforcing the procedures everyone needs to follow to ensure that our employees aren’t going to violate your health plan’s data.
Along with processes, tools and technology, we’ve implemented ongoing employee training:
- Our employees are trained to understand how to handle data in any type of media—whether it’s in an email, a computer monitor, or a printed document
- We have specific instructions on how to handle data at any point—including destruction of media
- We’ve educated our team on the many social engineering tactics hackers use (Tips and tricks featured below)
- We follow up this training with monitoring and reporting to ensure that these safe practices happen—and we can respond quickly if we discover a glitch
- We also ensure our third-party providers protect your data with tight security protocols, monitoring, and training
While a company can have the latest cybersecurity technology in place, if someone in our building opens the door to let someone in—or clicks on a link in an email that seems to come from HR, they’ve just bypassed that technology.
So as the bad guys get better and smarter, it’s even more important for us to train our employees to be diligent and aware of the latest tricks.
As a recent report on healthcare data breaches reasonably pointed out—while people are a company’s most valuable asset, from a security point of view, they can also be its weakest link.
Learn more about HITRUST certification here.
Tips and tricks
Data breaches are often the result of social engineering, attempts to trick unsuspecting employees into handing over confidential or sensitive data. Social engineering plays on human nature and emotion to deceive someone into providing access to information or deviating from established security protocols. Here are some examples of social engineering and how you can help avoid falling for these attacks.
TIP Be careful on social media. Based on your social networking, hackers may already have a lot of information about you. They may know your name, where you work, your birthday, what position you hold.
TIP You get an email from HR asking you to click a link for an employee opinion survey. Before you click that link—verify the sender by hovering over the email address.
TIP Have at least three algorithms for your online passwords—one for your banking, one for your personal use and one only for work.