Cybersecurity Business

How do I protect medical results and diagnostic tests?

by Leave a Comment

Nowadays, doctors, laboratories and hospitals use technology to communicate with their patients, looking for the fastest way to send their medical results. Generally, they use hospitals and web portals to publish results in addition to sending them via email. Despite the speed and ease of access, there remains a question: are these routes really the most appropriate or safe? What is the best way to protect medical results?

Patient results often contain delicate health information that should be considered sensitive and private. Therefore, physicians, radiologists, laboratories or any other entity in the health sector that has access to patient information is responsible for protecting these results while delivering them to the recipient.

The new General Regulation of Data Protection (GDPR) requires that patients’ information  be treated more cautiously, due to this data being classified as “sensitive”. This label implies that the mishandling of these records could have serious consequences for the patient’s personal life or for those who handle the information, in this case the hospital or doctor.

It is important to know what the correct use of this type of data is, and what precautions should be taken to ensure that it reaches the patient safely. It is the responsibility of both parties to use the appropriate channels to transmit the data.

Encryption to protect medical results

As previously stated, protecting tests is a necessity that must be taken seriously, regardless of the result. Lack of protection could lead to serious problems. For example, a person who does not have the proper knowledge could intercept and misinterpret the results and give the patient an incorrect diagnosis.

Ideally, medical centers should have adequate tools to ensure that the results will reach the patient so that they receive a diagnosis along with the appropriate instructions without causing any unnecessary problems. Encrypting the data shared between doctor and patient is the best way to achieve this goal.

Today there are file encryption tools which allow you to send files simply while ensuring they  reach the chosen recipient. With this type of solution, medical centers can digitize results and send them to patients without risking their privacy.

HushApp is a tool that can be adapted to this need in the medical sector. It is comprised of end-to-end encryption technology, which will greatly reinforce the protection of medical results. It is also ideal for small consultations because it does not require complicated facilities and maintains a very concise learning period.

Overly complex technologies are unnecessary to protect medical tests. The HushApp makes the process simple, and will ensure the privacy of patient and physician alike.

The CISO new figure and its role in corporate cybersecurity

by Leave a Comment

Cyberattacks are increasing in business sectors; the more connected to the internet companies are, the more vulnerable they are to attack. With this imminent threat, entrepreneurs are aware of the fact that it is if, but when they will be attacked. It is for this reason that many companies are beginning to hire a new staff figure: the Chief Information Security Officer (CISO).

Although companies recognize the potential damage that a cyberattack can bring, statistics indicate that corporate leaders are not taking the necessary measures to protect themselves.  

One of the reasons why necessary measures are not taken is the lack of knowledge regarding the directive itself. The National Association of Corporate Directors (NACD) published a survey to more than 600 directors and professionals of corporations, they found that only 19% believe that their boards have a high level understanding of cybersecurity risks.

However, they are aware of the biggest risks that a cyberattack could bring. A study was conducted by BAE Systems among 300 managers of companies in the United States. It found that 85% of those surveyed mentioned reputation lost as the most serious consequence of a leak, while 74% considered the legal repercussions as their second largest concern.

Taking the appropriate security measures not only involve resources, qualified staff and technology, it’s also about having the ability to manage them with astuteness. That’s why it is important to determine the role of the Chief Information Security Officer (CISO) as they attempt to keep the interests of the company safe.

What are CISOs facing?

Restrictions on the implementation of security processes in response to app vulnerabilities, mobile device use without security policies, insufficient staff for IT security, and adequate software for confidential files protection are some of the reasons for deficiency in the cybersecurity field.

We should add the need of a CISO to convince the directors board of possible consequences of a cyberattack in an environment where administrative sector is generally given priority.  

Considering the legal responsibility for a security crack that affects customers and how it will correspond with the company’s management. It is necessary to know in depth what is done in this department and how to integrate it with the business strategies of the company.

Establish a cybernetic culture throughout the company

This solution goes beyond understanding security protocols, it is also ensuring that the board of directors establishes a strong professional relationship with the CISO. This will help the board understand the cyber threats, implement appropriate security controls and at the same time promote cybersecurity culture.

A Harvard Business Review research found that 9 out of 10 CISOs are directly linked to the highest management team, half of which belongs to the management team.

Another interesting suggestion is encouraging the involvement of the CISO in the business initiatives. This allows their risk assessments to be taken into account before and during the analysis of results.

On the other hand, to promote  an effective safety culture, it is necessary to have appropriate technology that allows the team to keep up with cybersecurity. Currently there are tools designed for managers that allow them to control the flow of sensitive information inside the company.

Cybersecurity challenges are increasingly difficult, therefore it is task of all staff to carry out appropriate safety measures. It is no longer the responsibility of the IT department, it is necessary to involve and create cybersecurity culture throughout the team, and managers should be example to follow.