Information security is a growing concern as the tactics used by cybercriminals become more sophisticated, particularly in light of the COVID pandemic and recent healthcare breaches. Healthcare providers or their Business Associates that don’t utilize healthcare data cybersecurity best practices are at a high risk for data breach. As an organization that focuses on moving and preserving legacy patient, employee, and business records, Harmony Healthcare IT makes information security a priority. For that reason, Jim Hammer, VP of Operations and Product Development at Harmony Healthcare IT, was invited to join a recent eWeek online discussion with a panel of IT security experts. Timely topics were discussed, including information security, best practices to defend against ransomware attacks that currently plague the healthcare industry, and new information security technologies being adopted. Below are three key takeaways from the discussion. 1. Healthcare organizations are increasingly targeted by cybercriminals. Patient information is valuable — and is, at times, stored in outdated systems. “Legacy systems are often less protected, which is why they are targeted by cybercriminals,” said Harmony Healthcare IT’s Jim Hammer. In addition, many healthcare organizations are not up to date when it comes to protecting their valuable patient healthcare data. “Despite the increasing number of cybersecurity breaches, healthcare has been behind other sectors in taking security measures. Four to 7% of a health system’s IT budget is in cybersecurity, compared to about 15% for other sectors such as the financial industry,” said Lisa Rivera, a partner at Bass, Berry and Sims. 2. Proper data storage is key to data protection and surviving a ransomware attack. With ransomware being one of the top cybersecurity threats to healthcare and other industries, developing safe practices for data storage and archiving is crucial to your organization for defending against ransomware attacks and having the ability to recover quickly. Proper data protection and encrypted backup versions are the main defense against ransomware attacks. Proper healthcare data backup practices also ensure networks can be brought back online in the shortest amount of time. “The 3-2-1 data backup approach is the ideal process. This means three sets of backup copies on two different types of media and one encrypted and stored offsite or in the cloud to maintain security compliance,” said Eric Bassier, Head of Product and Tech Marketing at Quantumcorp. 3. Sophisticated threat analysis and threat management systems are a costly (but necessary) investment. To deal with ever-increasing amounts of threat data and counter measures, “many enterprises and large healthcare networks are taking the approach of investing in and installing sophisticated threat monitoring and automated threat management systems. [To support their IT teams], they are also partnering with outside Security Operations Centers (SOC) to monitor and analyze threat data. These outside SOC as a service teams augment our security posture to fine-tune systems and flag high-level threats,” said Hammer. Molly Presley, EVP Product Marketing & Communication at Qumulo, added, “More applications and more complexity is tough [on IT teams] when also grappling with additional business protection requirements. Integrated data monitoring and protection tools make lives much easier.” Keep your information safe The eWEEKchat panelists concluded that developing the right governance for healthcare data access and storage, deploying technology to manage threat data and automate security tasks, and partnering with cybersecurity experts are all strategies being employed across enterprise organizations to keep their information safe. To learn more about health data security, download our latest cybersecurity whitepaper. If you are interested in how Harmony Healthcare IT can support your information security efforts, especially when it comes to data sitting in legacy applications, let’s connect.