The cash-intensive areas of a hospital, such as the cafeteria and billing department, as well as non-cash units like marketing, are desirable targets for hackers. Even so, the data security threats are not being adequately addressed, says Christopher Ensey, chief operating officer at Dunbar Security Solutions, a customized security services firm.

Information systems in departments that process cash and debit-credit card payments often share a network with other units in the facility. But Ensey contends that these departments need their own separate, isolated networks “so they don’t get pulled into someone else’s breach,” he adds.

That’s because departments that process payments and operate systems on a shared network can be easily hacked if another department on that network is attacked.

Payment systems are attractive targets because hackers can get access to a lot of credit or debit card data in a short period of time and sell the data—names, card numbers, expiration dates and possibly security codes—on the Dark Web, or just use the card information to go shopping.

Employee meal cards and any department outside the cafeteria handling those cards, such as human resources, also would be at risk if a hospital cafeteria is hacked, according to Ensey, who advises that employee meal card functions should be on an isolated network.

The marketing department and other units doing promotional outreach also have security risks that may not be addressed; these departments typically use patient demographic information, and often having more information on hand than necessary.

Consequently, these units must be careful in how they disseminate patient information to other organizations and vendors, such as marketing and analytics companies, Ensey counsels.

Often times, marketing information is not fully protected—it might be encrypted on a laptop, but generally not when a copy of a database is sent to a third party.

“It comes down to ease of access,” Ensey says. “The applications used today don’t make it easy to add encryption.”

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access