You hear the stories with some regularity: patient data that ends up in the wrong hands. Recently this was, quite literally, the case in Germany. Patient files of a local hospital weren’t destroyed in the right way and ended up as confetti on the streets. In addition to this, several other German hospitals were threatened by hacks. It’s every healthcare provider’s nightmare, not to mention the patient’s.
The use of technology to modernise and streamline healthcare services is growing. Protecting sensitive data is especially important within healthcare: you don’t want identifiable patient data to become public. Regardless of how well software is secured, if people use the software in an insecure way, you’re still at risk.
With a few simple actions you can cut the amount of unnecessary risks that may lead to a breach in security. Indeed, most data breaches are the consequence of human errors with IBM estimating that 95% of all data breaches resulting from human errors.
In this blog we line up some simple tips for you: this is how you keep it safe!
1. Safe passwords?
Never use a password more than once and use long passwords that are hard to guess.
These are rules we all know but that are frightfully often violated. And to admit the truth, we are all guilty of (ever) violating them? It is difficult to create and remember all those long, strong passwords. The truth is, even if you have remembered the passwords you still have to think of which password belonged to which account.These are rules we all know but that are frightfully often violated. And to admit the truth, aren't we all guilty of (ever) violating them? It is difficult to create and remember all those long, strong passwords. The truth is, even if you have remembered the passwords you still have to think of which password belonged to which account.
Fortunately, there are tips and tricks to help you:
- Passwords containing random words are strong. Using random words separated by a dash (-) or another sign strengthens your password. In order to make it easier for you to remember your password you could even make up a story or find a fun way of remembering the sequence of words. See the cartoon below for an example.
- Using a sentence as a password also strengthens ones password. Sentences are long, and thus hard to crack, but can make it easier to remember ones password.
These tips can help you create a strong and secure password. However, if you are handling several passwords a password management tool can be very helpful. A password management tool stores all your passwords in a safe way, granting access to the user via 1 master password. At Minddistrict, we favour the use of 1Password, however there are loads of other great password management tools out there such as Lastpass, Ascendo and Roboform.
Lock your computer every time you walk away from it.
Just like you should lock your front door every time you leave your house, it’s a good habit to lock your computer every time you go to the toilet, grab a cup of coffee or just step outside to have a chat with your colleague. Think of all the people that could possibly get access to your computer, and thus potentially sensitive data, if you don’t lock your computer.
You can easily lock a Windows-computer by pressing the windows symbol and the letter L (‘lock’) at the same time. Read here for information about how to lock a Mac.
If you use a tablet, laptop or a phone for work then it’s even more important to lock your devices. They can get stolen, or you could lose them, which gives far more people the possibility to access your device. Always use a strong password/combination to securely lock your devices.
3. Sending and storing sensitive data
Don’t send sensitive data by e-mail. And don’t store these data on ‘external media’, like a USB-device, a CD or an exteral hard-disk.
There are more than enough examples clearly illustrating the danger of storing sensitive data on external data storage devices, like a USB-device, a CD or an external hard-disk. These storage devices make data easily accessible to a wide range of people. There are numerous examples of these devices getting lost and inadvertently forgotten on trains.
If you work with sensitive data, you should see storing them as a necessary evil. Compare it to surgergy. To heal patients, a surgeon has to anaesthetize and operate a patient. But the surgeon wants to do that in as short a time as possible, since it's also dangerous to the patient. Just like the surgeon, you as a professional want to leave as few traces as possible of a treatment in places where other can see it later, or can even copy the data. These places can obviously be an USB-device, but also e-mail conversations with your patients.
E-mail? Why isn’t e-mail safe? Well, unless sent on a secured connection, e-mail is fairly easy to eavesdrop on. The text within e-mails isn’t automatically encrypted and it’s impossible to control who has access to your e-mail between the point of sending and the point of receiving. Compare it with sending a postcard: the message is written on the back of the card, is not secured in an envelope, and can be read by everyone who happens to have access to the postcard between the point of sending and the point of receiving. Thus, if you send an e-mail you can never be sure that a malicious third-party isn’t reading your message too.
What can you do to prevent security breaches?
- Make sure that sensitive data is not stored, or is stored for only a short period of time, in ‘dangerous areas’ like on a USB-device
- Avoid sending and storing sensitive date whenever possible
- Use safe ways to communicate if you can, like the safe messaging feature in the Minddistrict platform.
Be aware, not afraid!
Should you be scared now to use online tools? No, that’s unnecessary. It is smart to handle data and devices with care, like you would offline. If you keep that in mind, you’re doing it safely.