Ensuring Security in Enterprise Imaging Platforms
Security is a major concern for every healthcare facility, as a recently released exposé made clear. Keeping patient data secure is an ethical and legal responsibility that we should all take very seriously; the news carries a steady stream of stories about HIPAA violations and the fines levied for them. Security must remain front of mind as new technologies emerge that fundamentally transform how healthcare providers operate. Enterprise imaging is being adopted by more hospitals and imaging centers every year, and with platforms like the Mach7 Platform, which aggregates data and integrates with many other systems across the enterprise, every integration point is also part of the attack surface. Vendors must therefore know their systems thoroughly to ensure patient data is always protected.
Protecting the Mach7 Platform from cyber attacks, both external and internal, was a key consideration in the design of the system. The Mach7 Platform authenticates users against the customer's Active Directory using Microsoft's framework for secure LDAP authentication, so the platform itself never stores user passwords. In addition, the Mach7 Platform undergoes extensive penetration testing several times per year to find weaknesses such as SQL injection before an attacker does. We make sure that the OWASP Top 10 application security risks are addressed and tested. We contract with a third-party firm for ongoing penetration testing, our customers perform their own penetration testing, and we run internal penetration testing, so that gaps in security are found and addressed as quickly as possible.
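As an added illustration of what a penetration tester probes for when checking an application for SQL injection, here is the same study lookup written two ways: built by string concatenation, and as a parameterized query. This is example code written for this post, not Mach7 Platform code; the table, the sample rows and the function names are constructed for the demonstration and it runs against an in-memory SQLite database.

```python
import sqlite3


def build_archive() -> sqlite3.Connection:
    """In-memory stand-in for a study index; the table and rows are constructed."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE studies (accession TEXT, patient TEXT, department TEXT);
        INSERT INTO studies VALUES ('ACC-1001', 'Patient A', 'Radiology');
        INSERT INTO studies VALUES ('ACC-1002', 'Patient B', 'Cardiology');
        INSERT INTO studies VALUES ('ACC-1003', 'Patient C', 'Radiology');
    """)
    return con


def find_study_vulnerable(con: sqlite3.Connection, accession: str) -> list:
    """The weak form: the input is spliced into the SQL text, so a quote in the
    input closes the string literal and whatever follows runs as SQL."""
    sql = "SELECT accession, patient FROM studies WHERE accession = '" + accession + "'"
    return con.execute(sql).fetchall()


def find_study_safe(con: sqlite3.Connection, accession: str) -> list:
    """The hardened form: a bound parameter is sent as a value and never parsed
    as SQL, so the same payload simply matches no accession number."""
    sql = "SELECT accession, patient FROM studies WHERE accession = ?"
    return con.execute(sql, (accession,)).fetchall()


# A classic probe a tester would type into the accession-number field.
PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    con = build_archive()
    print("vulnerable:", find_study_vulnerable(con, PAYLOAD))  # every study leaks
    print("safe:      ", find_study_safe(con, PAYLOAD))        # no rows
```

With the payload, the concatenated query becomes `WHERE accession = '' OR '1'='1'` and returns the whole table, which is exactly the kind of finding a penetration test is meant to surface; the parameterized version returns nothing because the payload is compared as a literal accession number.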
We've talked about threats from outside the organization, but what about threats from within? We don't like to acknowledge it, but it has happened from time to time: disgruntled contractors or employees with unfettered access to sensitive data have stolen it and sold it to criminals on the dark web. Much of the defense against this relies on the healthcare organization enforcing its own access policies, but the Mach7 Platform provides tools to help mitigate the risk. Within the Mach7 Platform, the data archive is designed to be logically segmented, for example by department. Each segment is subject to user permissions, so a given user can access only the patient data and images they have been granted permission to view; a single compromised or malicious account is thereby limited to its own segment rather than the whole archive. In addition, the Mach7 Platform supports full transaction logging and audit trails, so every data access can be reviewed and verified for HIPAA compliance. Those logs only pay off if someone reviews them regularly for unusual access patterns, such as one user reading far more patient records than their role requires.
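To make the segmentation and audit-trail idea concrete, here is a small model of an archive partitioned by department, with per-segment grants, default-deny reads, an append-only access log, and a simple bulk-access check an auditor could run over that log. This is example code added for this post, not Mach7 Platform code; the class names, the segment and user names and the log record format are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Study:
    accession: str
    patient: str
    segment: str  # logical partition of the archive, e.g. a department


@dataclass
class Archive:
    studies: dict = field(default_factory=dict)   # accession -> Study
    grants: dict = field(default_factory=dict)    # user -> set of segments
    audit_log: list = field(default_factory=list) # append-only access records

    def grant(self, user: str, segment: str) -> None:
        """Give a user read access to one segment (e.g. their own department)."""
        self.grants.setdefault(user, set()).add(segment)

    def _record(self, user, action, accession, outcome, patient=None) -> None:
        """Every attempt is logged, including the ones that were refused."""
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user, "action": action, "accession": accession,
            "patient": patient, "outcome": outcome,
        })

    def read_study(self, user: str, accession: str):
        """Default deny: a study is returned only if the caller holds a grant
        for its segment. Callers get the same None for 'not found' and
        'denied', so the API cannot be used to enumerate accession numbers,
        while the audit log keeps the real reason for the auditor."""
        study = self.studies.get(accession)
        if study is None:
            self._record(user, "read", accession, "not_found")
            return None
        if study.segment not in self.grants.get(user, set()):
            self._record(user, "read", accession, "denied", study.patient)
            return None
        self._record(user, "read", accession, "allowed", study.patient)
        return study

    def accesses_by(self, user: str) -> list:
        """What a compliance reviewer would pull: every attempt by one user."""
        return [e for e in self.audit_log if e["user"] == user]

    def bulk_readers(self, limit: int) -> set:
        """Flag users whose successful reads span more than `limit` distinct
        patients, a crude insider-exfiltration signal derived from the log."""
        seen = {}
        for e in self.audit_log:
            if e["outcome"] == "allowed":
                seen.setdefault(e["user"], set()).add(e["patient"])
        return {u for u, patients in seen.items() if len(patients) > limit}


def build_demo() -> Archive:
    """Constructed sample archive: two departments, two users, three studies."""
    archive = Archive()
    for acc, patient, segment in [("ACC-1001", "Patient A", "Radiology"),
                                  ("ACC-1002", "Patient B", "Cardiology"),
                                  ("ACC-1003", "Patient C", "Radiology")]:
        archive.studies[acc] = Study(acc, patient, segment)
    archive.grant("rad_tech", "Radiology")    # radiology technologist
    archive.grant("cardio_md", "Cardiology")  # cardiologist
    return archive


if __name__ == "__main__":
    a = build_demo()
    print(a.read_study("rad_tech", "ACC-1001"))   # allowed: same segment
    print(a.read_study("rad_tech", "ACC-1002"))   # None: Cardiology not granted
    print(a.read_study("rad_tech", "ACC-9999"))   # None: no such study
    for entry in a.accesses_by("rad_tech"):
        print(entry["outcome"], entry["accession"])
```

The two design points worth copying are that the denial path still writes a log record (silent denials are invisible to an auditor) and that detection of insider misuse comes from querying the trail afterwards, which is only possible if the trail is complete.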
Interested in seeing the Mach7 Platform in action? Be sure to sign up for a demo today.