Sensitive patient records held by healthcare organizations have to be stored and processed securely, both to guard the patients’ privacy and to comply with government regulations. As a healthcare provider responsible for patient information, you have to be able to detail what measures you are taking to safeguard patient data and you have to show that these measures are adequate. These responsibilities are in direct conflict with the need for broad access to patient information by medical professionals and the trend toward greater connectivity of medical devices. Whether patient data is stored on your own servers or in the cloud, when more data has to be stored and more people have access, cybersecurity suffers.
Cybersecurity With Credentials
Conventional cybersecurity relies on credentials such as user names and passwords. You receive your credentials and have to enter them to access confidential information. For highly sensitive information such as patient records, you may have several layers of security. The information is stored in databases, and to get access, you may have to log into your device, then log into the system and finally log into the database itself.
One weakness in this system is that many people have such credentials, including the medical professionals that need access, the system administrators responsible for cybersecurity, the technicians who carry out repairs and the staff who input the data. If someone has credentials, they can access the data. A data breach can occur when an unauthorized person obtains the credentials of any one of these people.
Cybersecurity with Data Encryption
The solution is to encrypt the data itself. When unauthorized people who have obtained credentials gain access to patient information, they will not be able to read it if it is encrypted. The problem is that authorized people can’t read it either. When medical professionals access the encrypted system, they will not know what is in the data. They will have to download the entire data set and decrypt it on their device or they will have to decrypt it on the server. In the former case, the process becomes unwieldy – a doctor would have to download and decrypt a large file to get a single test result. If the data is decrypted on the server, the problem of unauthorized access with credentials remains.
There are different types of encryption and most are not suitable for encrypting patient records while maintaining easy and convenient access to data. Standard encryption takes clear data and creates an illegible hash of characters. Such a hash can’t be stored in a structured database that requires names, addresses, social insurance numbers and other specific data formats. With standard encryption you are left with unstructured data that you either have to download or decrypt in place.
Useful encryption for patient records lets you decide which parts of the patient data to encrypt and lets you store structured encrypted data in the database. Then medial professionals and other authorized people can still search for what they need. They only download the relevant data and decrypt the sensitive parts on their own device.
Cybersecurity With Tokenization
A new type of encryption called tokenization lets you manage your data with complete end-to-end security. You define which parts of the data are sensitive and those parts are encrypted as you enter the data and before the data leaves your device. Only you, as the originator of the data, have the keys required for decrypting. The sensitive data remains encrypted until it is used.
Service technicians, cloud service providers and other personnel with access to the IT systems can’t see the data. Not even your own administrators can see it. Tokenization acts as the last line of defense when cybersecurity is breached. When credential-based protection fails, your patient records are still safe.
Tokenization works by replacing characters in text and numbers with different characters. The encrypted expression retains the format of the original data but becomes illegible. A social insurance number is still a number but the figures have changed and the encrypted number becomes meaningless.
With CloudMask, only your authorized parties can decrypt and see your data. Not hackers with your valid password, Not Cloud Providers, Not Government Agencies, and Not even CloudMask can see your protected data. Twenty-six government cybersecurity agencies around the world back these claims.
Watch our video and demo at www.vimeo.com/cloudmaskShare this article: