DOD Releases Special Report on Patient Health Data Protection

The Department of Defense Office of Inspector General has provided several federal agency leaders a special report on "lessons learned" about patient data protection during the coronavirus pandemic.

Authored by cybersecurity operations auditor Carol Gorman, the report outlines best practices for internal and cybersecurity when handling patient health information. 

"Medical administrators should seek to ensure that they also identify and mitigate cybersecurity risks and threats posed by malicious actors attempting to take advantage of the Nation’s focus on caring for the sick,” the report read.

The report contains summaries of several reports from the OIG and the Government Accountability Office, MeriTalk reported Wednesday.

Health care providers, chief information officers and network administrators were urged to adopt security measures against unauthorized access to patient data, external threats that could exploit weaknesses and internal threats that could compromise network security.

Gorman cited systematic weaknesses related to multi-factor authentication, strong passwords, identifying suspicious activity and implementing adequate security measures.

The report highlighted eight cybersecurity best practices: use multi-factor authentication, use strong passwords, identify and mitigate network vulnerabilities, encrypt patient health data, limit access to patient health data, configure systems to lock automatically, review user activity and implement physical safeguards to protect patient health information.

According to data from the Department of Health and Human Services, its Office for Civil Rights received 570 reports of health care breaches of patient health information between April 2018 and April 2020. A total of 46M patients were reportedly affected. 

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Future Trends

Join Us Now