Endpoint Devices & The Battle For Data Security
Written by Jaspreet Singh, CEO of Druva
The daily process of treating patients has been compared more than once to a military operation—and with good reason. After all, everything of real importance takes place on the front lines, at the point of patient contact. All else is purely support.
That analogy extends to the flow of data. Information has to make it to the front lines in order to be effective. Trouble is, that imperative also makes data—especially patient data—vulnerable to attack from multiple sources.
Since September 2009, the US Department of Health and Human Services has maintained a database of breaches in unsecured, protected health information affecting 500 or more individuals. Of these, more than 60 percent have involved some kind of endpoint computing device—desktop PCs and laptops as well as USB drives, tablets, smartphones and other portable electronic devices. Millions of individual records have been compromised from these endpoints due to unauthorized access or disclosure, theft, loss, hacking or other incident.
Industry-wide, the problem is even more widespread. Ponemon Institute, an independent, Michigan-based research firm focused on privacy, data protection and information security policy, issued its Third Annual Benchmark Study on Patient Privacy & Data Security in December, 2012. In the study, the institute reported that 94 percent of healthcare organizations surveyed had experienced at least one data breach over the prior two years. Nearly half (45 percent) had dealt with more than five breaches over the same period. Leading causes for breaches included lost devices, employee mistakes, third-party mix-ups, and criminal attacks.
The economic fallout of such breaches was apparent, with the average two-year cost to a healthcare organization per breach rising to a calculated $2.4 million, up from $2.2 million for the same metric a year earlier. Based on its survey figures, the institute estimates the average annual cost to the US healthcare industry from data compromises “could potentially be as high as almost $7 billion.”
The BYOD Trend
The trend among healthcare organizations for employee BYOD (Bring Your Own Device) only complicates the problem. The Ponemon study indicates that 81 percent of organizations allow BYOD as part of their IT practices. As more and more employees and medical staff use mobile devices like smartphones and tablets to access enterprise networks and systems, the risk presented by BYOD is elevated. The loss or theft of computing devices is still the number one most common way for breaches to take place; despite the exposure, more than half (54 percent) of organizations, according to Ponemon, report that they’re not confident that their employees’ BYOD devices are secure.
With corporate endpoint data doubling in size every 14 months according to some estimates, and BYOD practices increasing, the importance of securing data on laptops, tablets and smartphones has never been greater. So what should a healthcare organization do?
How To Ensure Data Security
Every responsible healthcare data security program begins with an audit—and endpoint data needs to be a primary focus. Security personnel need to ask, and answer, all the pertinent questions. Who has access to patient data, and on what kinds of devices? Who is allowed to collaborate on, and update, this data? Who is authorized to share information, and with whom, both inside and outside the organization?
By gaining a full understanding of what kinds of data is residing on which devices, security protocol and policy becomes much clearer. What’s more, the security audit will help reveal the nature and scope of data vulnerabilities. Most breaches, as it turns out, are unintentional; only a small percentage results from deliberate, malicious intent (i.e., attacks by hackers or disgruntled employees). Examining workflows and employee behaviors will significantly influence the types of security solutions needed.
In addition to an audit, an endpoint security program should be implemented. Such efforts typically include endpoint management technology, specifically software designed to efficiently back up data while facilitating the file sharing and collaboration. To be effective, endpoint management software must be easy to administer, non-intrusive and transparent; just as important, it must have the capability to remotely wipe data on the device, should it be lost or stolen. Along with the technology itself, centralized policies must be established for controlling access to data, such as how to control sharing of files among employees.
Other elements of a strong data protection program include encryption (including full disk encryption where practical) plus firewall and intrusion protection for networks and data repositories. Usernames and passwords, paired with a token or biometric, are highly recommended to ensure proper user authentication. Furthermore, employee security training is important—and workers must be held accountable for maintaining data security practices.
When sharing data with third-party vendors and care partners, organizations should contractually obligate those outside parties to participate in their security policies. Frequent testing of software and systems should also be a regular practice. Finally, should a breach occur, it’s essential that mitigation protocols be instituted quickly to limit damage and protect patient information.
Data Security Should Be A C-Suite Concern
Clearly, endpoint devices will be major tools in healthcare in the years ahead. The worldwide population of mobile workers is expected to reach 1.5 billion by 2015; within the next year alone, IDC predicts that individual-liable devices will grow to 60 percent of all mobile devices used in business. There’s no reason to believe the proportion of devices found in healthcare will be any different.
With the formation of ACOs, the deployment of electronic health records and HIEs, the accelerating pace of group practice acquisitions, and the mergers of healthcare organizations all adding complexity to healthcare, it’s critical that everyone—CEOs, CFOs, CIOs, IT directors and security professionals—understand the importance of endpoint data security to organizational practice. Those responsible for data security must provide solutions that back up data on endpoint devices, as well as a remote wipe capability for all devices whether BYOD or enterprise-owned.
It’s been said that an army travels on its stomach—but in the 21st century, the essential commodity to any healthcare operation will be its data. Every day, your people are on the front lines, putting that data to optimal use. Don’t put it at risk. With an adequate defense in place, you can make sure your employees’ devices won’t become a casualty for your organization.
About The Author
Jaspreet is a Co-Founder and CEO of Druva. An entrepreneur at heart, he bootstrapped the company while defining the product, sales and marketing strategies that have resulted in Druva’s early and impressive success. Prior to founding Druva, Jaspreet was a member of the storage foundation group at Veritas. He also held a number of engineering specific roles at Ensim Corporation. Jaspreet holds a Bachelors in Comp. Sc. (BTech) from IIT Guwahati.
How UiPath robots are helping with the NHS backlog
The COVID-19 pandemic has caused many hospitals to have logistical nightmares, as backlogs of surgeries built up as a result of cancellations. The BMJ has estimated it will take the UK's National Health Service (NHS) a year and a half to recover.
However software robots can help, by automating computer-based processes such as replenishing inventory, managing patient bookings, and digitising patient files. Mark O’Connor, Public Sector Director for Ireland at UiPath, tells us how they deployed robots at Mater Hospital in Dublin, saving clinicians valuable time.
When Did Mater Hospital implement the software robots - was it specifically to address the challenges of the pandemic?
The need for automation at Mater Hospital pre-existed the pandemic but it was the onset of COVID-19 that got the team to turn to the technology and start introducing software robots into the workflow of doctors and nurses.
The pandemic placed an increased administrative strain on the Infection Prevention and Control (IPC) department at Mater Hospital in Dublin. To combat the problem and ensure that nurses could spend more time with their patients and less time on admin, the IPC deployed its first software robots in March 2020.
The IPC at Mater plans to continue using robots to manage data around drug resistant microbes such as MRSA once the COVID-19 crisis subsides.
What tasks do they perform?
In the IPC at Mater Hospital, software robots have taken the task of reporting COVID-19 test results. Pre-automation, the process created during the 2003 SARS outbreak required a clinician to log into the laboratory system, extract a disease code and then manually enter the results into a data platform. This was hugely time consuming, taking up to three hours of a nurse’s day.
UiPath software robots are now responsible for this task. They process the data in a fraction of the time, distributing patient results in minutes and consequently freeing up to 18 hours of each IPC nurse’s time each week, and up to 936 hours over the course of a year. As a result, the healthcare professionals can spend more time caring for their patients and less time on repetitive tasks and admin work.
Is there any possibility of error with software robots, compared to humans?
By nature, humans are prone to make mistakes, especially when working under pressure, under strict deadlines and while handling a large volume of data while performing repetitive tasks.
Once taught the process, software robots, on the other hand, will follow the same steps every time without the risk of the inevitable human error. Simply speaking, robots can perform data-intensive tasks more quickly and accurately than humans can.
Which members of staff benefit the most, and what can they do with the time saved?
In the case of Mater Hospital, the IPC unit has adopted a robot for every nurse approach. This means that every nurse in the department has access to a robot to help reduce the burden of their admin work. Rather than spending time entering test results, they can focus on the work that requires their human ingenuity, empathy and skill – taking care of their patients.
In other sectors, the story is no different. Every job will have some repetitive nature to it. Whether that be a finance department processing thousands of invoices a day or simply having to send one daily email. If a task is repetitive and data-intensive, the chances are that a software robot can help. Just like with the nurses in the IPC, these employees can then focus on handling exceptions and on work that requires decision making or creativity - the work that people enjoy doing.
How can software robots most benefit healthcare providers both during a pandemic and beyond?
When the COVID-19 outbreak hit, software robots were deployed to lessen the administrative strain healthcare professionals were facing and give them more time to care for an increased number of patients. With hospitals around the world at capacity, every moment with a patient counted.
Now, the NHS and other healthcare providers face a huge backlog of routine surgeries and procedures following cancellations during the pandemic. In the UK alone, 5 million people are waiting for treatment and it’s estimated that this could cause 6,400 excess deaths by the end of next year if the problem isn’t rectified.
Many healthcare organisations have now acquired the skills needed to deploy automation, therefore it will be easier for them to build more robots to respond to the backlog going forwards. Software robots that had been processing registrations at COVID test sites, for example, could now be taught how to schedule procedures, process patient details or even manage procurement and recruitment to help streamline the processes associated with the backlog. The possibilities are vast.
The technology, however, should not be considered a short-term, tactical and reactive solution that can be deployed in times of crisis. Automation has the power to solve systematic problems that healthcare providers face year-round. Hospital managers should consider the wider challenge of dealing with endless repetitive work that saps the energy of professionals and turns attention away from patient care and discuss how investing in a long-term automation project could help alleviate these issues.
How widely adopted is this technology in healthcare at the moment?
Automation was being used in healthcare around the world before the pandemic, but the COVID-19 outbreak has certainly accelerated the trend.
Automation’s reach is wide. From the NHS Shared Business Service in the UK to the Cleveland Clinic in the US and healthcare organisations in the likes of Norway, India and Canada, we see a huge range of healthcare providers deploying automation technology.
Many healthcare providers, however, are still in the early stages of their journeys or are just discovering automation’s potential because of the pandemic. I expect to see the deployment of software robots in healthcare grow over the coming years as its benefits continue to be realised globally.
How do you see this technology evolving in the future?
If one thing is certain, it’s that the technology will continue to evolve and grow over time – and I believe there will come a point in time when all processes that can be automated, will be automated. This is known as the fully automated enterprise.
By joining all automation projects into one enterprise-wide effort, the healthcare industry can tap into the full benefits of the technology. This will involve software robots becoming increasingly intelligent in order to reach and improve more processes. Integrating the capabilities of Artificial Intelligence and Machine Learning into automation, for example, will allow providers to reach non-rule-based processes too.
We are already seeing steps towards this being taken by NHS Shared Business Service, for example. The organisation, which provides non-clinical services to around two-thirds of all NHS provider trusts and every clinical commissioning organisation in the UK, is working to create an entire eco-system of robots. It believes that no automation should be looked at in isolation, but rather the technology should stretch across departments and functions. As such, inefficiencies in the care pathway can be significantly reduced, saving healthcare providers a substantial amount of time and money.