Earlier today, Community Health Systems, one of the largest hospital groups in the US, reported that a cyber attack had succeeded in breaching its security to steal the personal data of 4.5 million patients. Although the company’s filings stated that the stolen information did not include credit card information, medical or clinical information, the data is still covered by the Health Insurance Portability and Accountability Act (HIPAA), and by definition, it is personal data that no one wants the bad guys to have. This is a big deal. The full article is here.
As medical providers transition to Electronic Medical Records (EMR), all of their HIPAA data moves to the cloud and is accessed through a browser. Many practitioners assume that they are protected, that someone -- their hospital’s IT team, their EMR provider, their ISP, their anti-virus provider -- has the browser locked down. But as we have seen again and again across sectors, the browser is simply not secure.
Many smaller healthcare organizations and private practitioners have recognized the vulnerability of the browser and taken steps to operate more securely by shifting to Silo as the go-to browser for HIPAA apps. But larger hospitals and healthcare systems may be relying on the traditional IT budgeting and procurement processes for protection. As the FBI noted back in April of this year, when it warned healthcare providers that their security was lax, it is not enough.
The web and how users access web apps are beyond the scope of any IT point-security solution; there are just too many variables. Users have multiple browsers on different operating systems running on unknown devices accessing the web through uncontrolled networks. The web app environment opens up too many points of entry.
This is why Silo is so effective. It doesn’t matter what browser you use or what network you use to access the internet. Silo is a secure browser and communications side channel that is completely locked down. All data exchange and activity take place in Silo’s secure environment. There is no way for a potentially infected device to extract sensitive data from the web app, and because users’ access to medical websites is managed, they can’t enter their credentials and get phished. And, since policies can be configured for users and devices, IT can ensure that HIPAA data isn’t downloaded to devices that aren’t trusted.
Regardless of how small your practice or how large your IT budget, remember that traditional browsers are vulnerable and being HIPAA-compliant means taking the measures necessary to protect sensitive data. Listen to the FBI: you’re probably not doing enough. If you’re governed by HIPAA and your users access data via the browser, you need Silo!