Healthcare Data Security Solutions for Protecting Health Information

CurrentWare’s technical safeguards provide critical security controls for protecting health information and improving healthcare data security.

  • Protect Sensitive Patient Data
  • Insider Threat Monitoring
  • Meet Regulatory Compliance Requirements

Protect Healthcare Data Against Theft to Insider Threats

Use CurrentWare’s data protection solutions to protect sensitive patient data, electronic health records, and personally identifiable information against data breaches to insider threats.

  • Collect evidence of data exfiltration and potential data breaches
  • Prevent the use of unauthorized USB storage devices
  • Trace user activity across all of your organization’s endpoints

Prevent Data Breaches to Unauthorized Cloud Services

Having sensitive data stored on cloud services is a significant data loss risk. Control access to cloud apps and websites with CurrentWare.

  • Block insiders from accessing cloud applications
  • Effortlessly block millions of websites across 100+ URL categories
  • Take control over data movement by blocking data egress points

Monitor Users for Events That Pose Risks to Medical Data

Your data security depends on complete visibility into how your user accounts are interacting with your systems. CurrentWare helps provide visibility into risky behavior with intuitive user activity reports.

  • Get alerts of high-risk user events and other security risks
  • Monitor for attempts to access dangerous websites, use applications that are associated with ePHI, and other high-risk activities
  • Alert your network administrator, IT department, and other trusted users when high-risk events occur
Screenshot of AccessPatrol's email alerts with alerts for USB file transfers and use of blocked devices
AccessPatrol central web console close up

Centralized Management for Scalable Data Protection

Implement data security policies from the convenience of a central web console. Easily monitor and control your entire workforce in just a few clicks.

  • Monitor & control each managed endpoint device from a central  management console
  • Place users/PCs in their own policy groups to apply a unique security policy to them
  • Integrate with Active Directory to import & sync your Windows users to the CurrentWare Console

The Critical Role of Healthcare Data Security Solutions

The health and human services industry has a duty of care to ensure the confidentiality, integrity and availability of electronic protected health information.

Prioritizing healthcare cybersecurity is essential for patient safety. Without adequate security measures to restrict access to patient records and protect healthcare networks against cyber attacks, threat actors can commit fraud or worse—shut down healthcare facilities altogether.

To ensure the safety of patient information, healthcare data security and compliance risks need to be mitigated every step of the way.

CurrentWare’s healthcare data security solutions provide critical security controls that healthcare organizations need to protect ePHI against insider threat risks.

Access Patrol has made our lives easy. We never have to worry about what may happen when someone plugs a device into our machines. -Nicolas Scheetz (IT Service Desk Supervisor, First Choice Health)
Financial_ServicesBreach_Icon

35% of Healthcare employees have stolen work-related documents before leaving or after being dismissed from a job. 1

Prevent insider data theft by restricting access to data egress points including cloud storage, webmail, and portable storage.

52.7% of fraud incidents within the healthcare sector involve the theft of customer data. 2

Healthcare organizations must monitor and restrict their trusted insiders to limit the potential for patient data to be abused.

cw_icon_databreach_white

Over 93% of healthcare organizations experienced a data breach between July 2016 – November 2019 3

300M+ records have been stolen from 2015-2019, affecting about one in every 10 healthcare consumers.

How to Improve Healthcare Data Security With CurrentWare

The software solutions in the CurrentWare suite provide healthcare organizations with critical security controls for managing healthcare technology use. HIPAA security officers can rest assured that all of the devices on their network are being consistently monitored and managed without the overhead associated with manually managing devices.

Device Blocking window Screenshot of CurrentWare's USB device control software AccessPatrol

Block & Audit Storage Devices

Control who can use portable storage devices and set security policies to limit what devices are allowed. Monitor data transfers to removable media and network storage devices to ensure that your data security policies are being followed.

Data loss prevention cloud storage DLP security tips

Prevent Data Loss to Cloud Platforms

Protect sensitive data against the risks of cloud file sharing sites. Block cloud storage sites/apps, restrict uploads/downloads, and monitor file transfers for high-risk or anomalous activity.

AccessPatrol sensitive file transfers alert

Audit User Activity for Insider Threat Risks

Monitor employee computer usage for signs of insider threats. Track file transfers, web browsing, app use, and login/logout times for high-risk, anomalous, or inappropriate activity. Receive automated alerts straight to your inbox when specific events occur.

Screenshot of AccessPatrol's USB file transfer blocking feature

Block Data Transfers to Portable Storage

Go beyond simply blocking unauthorized devices; ensure optimal data protection with your trusted devices, too. Block file transfers to portable storage devices based on file extension and file name.

Screenshot of BrowseControl's Port Filter for blocking TCP/UDP ports

Block High-Risk Network Ports

Block unused TCP/UDP ports to reduce the attack surface of your network. Improve data protection by mitigating the threat of data leakage over FTP, SFTP, IRC, and other high-risk network ports.

Screenshot of category filtering window from BrowseControl web filter. Porn and social media categories blocked.

Block Risky Sites

BrowseControl’s web content category filtering database provides you with a convenient way to block millions of websites across over 100 URL categories. Easily block users from accessing social media, porn, games, known virus-infected websites, and more!

CASE STUDY

First Choice Health Protects Medical Data & Meets HIPAA Compliance

With CurrentWare we’re certain we’re meeting today’s cybersecurity standards whilst maintaining immediate, reliant access to patient records so we can keep delivering a high-quality service to our clients.

Access Patrol has made our lives easy. We never have to worry about what may happen when someone plugs a device into our machines. -Nicolas Scheetz (IT Service Desk Supervisor, First Choice Health)

CurrentWare Features

Internet Off

User Activity Monitoring

Track web browsing, software use, search queries, and more

Remote Screen Capture

Screenshot Monitoring

Take automatic screenshots or remotely view desktops

Application Blocker

Track Software Usage

Get insights into software usage trends in your organization

Stealth

Transparent & Stealth Modes

Run silently in the background or provide notice of monitoring

Block USB

Block USB & Other Devices

Set full access, read only or no access on storage devices

Allowed List

Device Whitelist

Allow only authorized storage devices to be used

Block Files

Block File Transfers

Prevent files from being transferred to portable storage

Reports

DLP Activity Reports

Track file transfers, storage device use, file operations, and more

Internet Off

Block Websites

Block websites based on
URLs & content categories

Download Filter
Block Downloads/Uploads

Prevent uploading and downloading based on file type

Application Blocker
Application Blacklisting

Block specific Windows
applications from launching

Internet Off

PC Power Management

Remotely track and control PC power states

Internet Off

Centralized Console

Manage all your users from the
centralized console with Active
Directory import or syncing

Internet Off

Platform Security

Protect your CurrentWare console
with 2FA, passwords, privilege
management, and more

Internet Off

Offsite Management

Extend onsite security policies to any remote computer running outside the corporate network

Internet Off

SQL Server Supported

Database scaled for enterprise and
large business operations using
Microsoft SQL Server

Best Practices for Healthcare Data Security

Healthcare organizations need to implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that it creates, receives, maintains, or transmits.

Follow these best practices to improve the cybersecurity posture of your health and human services organization.

Perform Regular Risk Assessments

Understanding how your existing infrastructure could be damaged or exploited is essential for mitigating any potential risks.

Each security risk your organization faces will have..

  • An asset to protect
  • A threat that could exploit the assets
  • Vulnerabilities that make an exploit feasible

Using a risk management framework such as those from the National Institute of Standards and Technology (NIST) or the International Standards Organization (ISO) ensures that your internal assessments and security audits address the key elements of risk that your healthcare organization could face. 

Security auditing needs to be an ongoing process. New threats and vulnerabilities are constantly emerging; meeting compliance objectives for the Health Insurance Portability And Accountability Act (HIPAA) and other frameworks is only part of the picture.

Put Data Encryption in Place

Healthcare organizations need to ensure that any healthcare data is automatically encrypted and access to it is restricted to those with a decryption key. This ensures that in the event of a data leak no unauthorized parties can read the sensitive data.

Not all encryption is created equal, either. Many encryption methods have files encrypted while in transit and at rest, but decrypted while in use. This offers insiders and hackers numerous chances to steal unencrypted data. 

For optimal encryption, consider the use of Fully Homomorphic Encryption (FHE). FHE allows data manipulation by authorized parties while it is still encrypted, reducing the amount of time the data is exposed.

FHE also makes it possible to selectively restrict decryption capabilities, allowing users to only view the parts of a file that they are authorized to see and that are required for them to perform their jobs.

Note: If you would like to implement BitLocker to encrypt data on a portable storage device, AccessPatrol will continue to authenticate your encrypted devices and block unauthorized peripherals.

Educate Employees on Security Rules

Employee training is an essential part of any cybersecurity strategy. Healthcare employees must understand their part in protecting medical records from a day-to-day security perspective.

Despite the critical role the employee training has in protecting patient data, 24% of healthcare workers in a 2021 report by Osterman research stated that they had not received any security or privacy training from their employers.

Healthcare employee security training must include:

  • Their responsibilities when handling protected health information
  • The most common security threats they’ll be vulnerable to 
  • The approved channels they must use to transmit protected health information
  • Phishing awareness training 
  • Physical security protocols
  • Authentication security: Why they must not share passwords, how to safely store passwords, how to use MFA such as hardware tokens, etc
  • Security policies such as acceptable use policies and a removable media policy

Implement Access Control Measures

Without proper access control measures stealing data is as simple as transferring it to a portable mass storage device such as a USB flash drive.

Access control is a data security procedure that gives healthcare organizations the ability to control who has access to their resources and healthcare data. Secure access control uses policies to confirm users are who they say they are, and it makes sure users are given the proper access levels.

A computer security concept known as the principle of least privilege (POLP) restricts users’ access rights to only those that are absolutely necessary for them to perform their jobs. Users are only allowed to read, write, or execute the files or resources they need in order to complete their tasks.

Monitor Employee Computer Activity

According to Verizon’s Protected Health Information Data Breach Report (PHIDBR), from 2016-2018 58% of data loss events in the healthcare industry involved insiders, making insider threats the greatest cybersecurity threat to healthcare during that period.

Worse yet, a study by BusinessWire shows that almost three-quarters (74%) of organizations have experienced breaches because of employees breaking security rules.

To detect insider threats, healthcare entities need to monitor how their employees interact with sensitive information and the systems that interact with them.

Areas to monitor include:

  • Incidents of personal health information being transferred to portable storage devices
  • The anomalous use of software that is associated with personal health information
  • Visits to high-risk websites including cloud storage, personal email, and sites that are categorized as malicious

Maintain Backups of Patient Data

While data security is paramount, healthcare organizations also need to ensure that the sensitive data in their custody is accurate and available. 

If healthcare data is not accurate and readily available it can severely negatively impact the quality of patient care.

With the rise in ransomware attacks against healthcare organizations it’s more important than ever that security teams maintain and validate data backups on a regular basis. They must also ensure that data is kept in a secure and centralized location so it can be readily accessed by healthcare providers.

Ransomware attacks against companies that store and process sensitive data such as personally identifiable information (PII), trade secrets, and crime scene evidence are particularly devastated when ransomware strikes. These sorts of organizations have an added pressure to pay the ransom to recover their data following an attack should they not have secured backups prepared. 

CurrentWare’s Healthcare Data Security Solutions FAQ

Can I Use Your Data Loss Prevention Software With Remote Workers?

Yes. CurrentWare’s data loss prevention software solutions support a variety of deployment options that allow you to control USB devices, block websites, and monitor user activity no matter where they are.

To learn more about using data loss prevention with remote workers, visit this article:

How to Set Up Data Loss Prevention Software for Remote Teams

Are There Any Limits to the Free Trial?

The free trial of our data loss prevention software is fully functional. You can deploy it on up to 10 computers for 14 days. If you need more time or more computers to properly evaluate the best data loss prevention software for your organization, reach out to our support team.

Will My Employees Know They Are Being Monitored?

As with any CurrentWare Suite product, your organization is in control of how visible the data loss prevention software is.

The CurrentWare software client operates in stealth mode by default.

In stealth mode, the CurrentWare software client is not visible in the system tray or control panel of the user’s computer. Your users will not be able to uninstall the program or stop it without administrator privileges.

If you would like your users to be aware that they are being monitored, you can choose to show the CurrentWare software client in their system tray by enabling it in the client software settings.

AccessPatrol does not disclose when its USB activity monitoring feature is active. When your employees attempt to use an unauthorized USB device they can be presented with an optional warning message.

When BrowseControl blocks a website you can choose to show a warning message, redirect to another website, or simply have the connection fail.

When monitoring user activity with BrowseReporter you can choose to enable the End-User Reports feature to provide users with access to their activity data. You can also display optional notifications that periodically remind them that they are being monitored.

Does CurrentWare Have Access to Employee Data?

No, CurrentWare cannot access your employee’s computer monitoring data. CurrentWare’s software does not send your user’s computer usage data to CurrentWare. They are installed and managed by your organization.

All of the data collected by CurrentWare’s software is stored on a database that is installed in your organization’s data center or cloud service provider.

With CurrentWare’s on-premises & self-managed cloud deployment options, you’re in complete control of your data.

  • Sensitive employee data stays secured to your standards rather than being sent to a third party.
  • Maintain data localization and residency compliance requirements by keeping employee data exactly where it needs to be.
  • Retain auditable records of user activity for as long as you need

For more information please refer to our Terms of Service.

What is Data Loss Prevention (DLP)?

Data loss prevention (DLP) is a set of tools and processes that prevent confidential data from being leaked, deleted, or misused.

DLP tools work to detect and prevent sensitive data from leaving the network. To protect the confidentiality and security of data, DLP software stops employees and other end-users from copying sensitive data to unauthorized USB drives.

The security policies defined by DLP software helps to prevent end users from accidentally or maliciously sharing data that could put the organization at risk.

Can I Set Unique Device Restrictions for Different Computers or Users?

Yes. You can assign unique security policies for each computer, user, department, or other organizational unit (OU) in your company.

To do this, CurrentWare allows you to create group folders with separate policies. This feature is perfect for restricting users while providing greater access for trusted administrators.

In terms of device control, you can also use the access code generator to temporarily grant access to all peripherals or use the device scheduler to automatically allow/block devices at specific times.

In terms of internet and application restriction, you can use the internet scheduler and app blocker scheduler to temporarily allow access to blocked websites and applications at specific times.

Can I Block Specific File Types from Being Transferred?

Yes. CurrentWare has the ability to prevent your end-users from copying specific files to their storage devices. These file transfer restrictions can be configured based on the file name or file extension.

The file transfer blocking feature can also be used on devices that are on the Allowed List. This lets you provide access to company-authorized USB devices while still protecting the sensitive data in your network against exfiltration to portable storage hardware.

Who Uses This DLP Solution?

CurrentWare has a global client base across a variety of industries including government, healthcare, finance, nonprofit, and manufacturing.

CurrentWare’s customers use our computer monitoring, web filtering, and data loss prevention solutions to protect their business against time theft, data leakage, and web-based threats by monitoring and controlling computer usage.

Learn more by reading our customer case studies.

How Can I Start Protecting Sensitive Data?

  1. Download & install CurrentWare
    Download the files for your free trial. On the administrator’s computer, run CurrentWare.exe to begin the installation of the endpoint security solutions.
  2. Deploy the security software clients
    Deploy the CurrentWare software client (cwClientSetup.exe) on all the computers you want to control. You can deploy the software client with a local install or by using Active Directory, SCCM, or our built-in remote deployment tool.
  3. Monitor & control your endpoint devices
    After the installation, you will see all of your user’s computers on the CurrentWare Console. From this console, you can generate detailed reports on your user’s activities and assign data loss prevention policies to protect data against insider security threats.

Is This a Cloud Product?

The CurrentWare Suite can be deployed on-premises or on a cloud platform of your choice. Both deployment option are compatible with remote workers with a few configuration changes.

Learn More:

How is the CurrentWare Suite Secured?

CurrentWare is committed to the security of its platform, its users and their data. 

 

  • All of the data collected by CurrentWare’s solutions is stored in your organization’s data center or cloud service provider; the data is not sent to CurrentWare.
  • The web console cannot be accessed without a username and password. For an added layer of authentication security you can enable two-factor authentication.
  • You can selectively enable/disable what data is tracked and delete old records automatically.

 

For a complete overview of the security measures that CurrentWare has in place, check out the CurrentWare platform security overview page.

CurrentWare

Try CurrentWare for Free

Fully functional. Easy to use. Install in minutes.

1 At a Glance: Data Loss Prevention in Healthcare – Tessian. https://www.tessian.com/blog/data-loss-prevention-in-healthcare/.
2 Insider Threats in Healthcare – Carnegie Mellon University https://insights.sei.cmu.edu/blog/insider-threats-in-healthcare-part-7-of-9-insider-threats-across-industry-sectors/. 
3 Healthcare Data Breaches Costs Industry $4 Billion… – Black Book Market Research https://blackbookmarketresearch.newswire.com/news/healthcare-data-breaches-costs-industry-4-billion-by-years-end-2020-21027640/.