The Hidden Security Threat Most Hospitals Overlook

Jan 18, 2019

When it comes to securing private consumer data, healthcare facilities must adhere to the highest industry standards.  Like other businesses, they have to comply with federal, state, and local privacy laws intended to protect the consumer public from potential hazards like identity theft.  However, the healthcare industry also has to meet privacy standards set forth in the Health Insurance Portability and Accountability Act (HIPAA).

Unfortunately, policies and procedures often follow in the wake of threats when it comes to advancing technology, and the rapid advancement of online tech over the last couple of decades has left many industries playing catchup, healthcare included.  One area that many hospitals and other healthcare facilities overlook is printers.

Like most people, you may be scratching your head over this one.  Why would printers need the same level of security and oversight as a computer or mobile device?  You might be surprised to learn that modern printers have many of the same capabilities, and they can present vulnerabilities for breach.

Modern Printer Hardware and Features

Printers are no longer mere copiers.  They print, copy, scan, fax, connect with larger networks, and send, receive, and store data.  They have hard drives, they connect to servers, and they have wireless capabilities.  What they don’t tend to feature is robust security, and they could pose a threat, not only for breach, but as a gateway to larger networks.

Even more critical is the fact that these connected devices are accessible by nearly anyone within a facility.  Unlike computer terminals that store encrypted data and require passwords to access, any employee within a facility can use a printer in a variety of ways.  Printers are susceptible to both internal and external threats, and this can be extremely problematic for medical facilities that have to comply with the highest privacy and security standards.

HIPAA Standards

If you think printers aren’t covered by HIPAA standards, you’re wrong.  Covered entities, including healthcare facilities and their associates, are required to secure all computing devices involved in creating, storing, sending, or receiving protected health information.  This includes modern printers, and under HIPAA regulations, they must be secured, just like computers, laptops, servers, and other devices.

Healthcare facilities are further required to secure data against known and reasonably anticipated threats.  In other words, unsecured printers in hospitals and other healthcare facilities are not only a risk for data breach, but they also fail to comply with HIPAA regulations.

Securing Equipment

The real kicker here is that it’s not difficult to secure printers, if only organizations think to do so.  IT professionals can add needed physical and technical safeguards, including passcodes to utilize printers, as well as digital protections against outside threats.

Administrators can also implement policies and procedures for usage that dramatically increase security of these devices.  Unfortunately, an estimated 99% of organizations in the U.S. have unsecured printers that present risks for data breach, and as such, they don’t meet HIPAA standards for security.

Sioux Falls, SD businesses of any type interested in increasing data security and complying with the highest standards for privacy can partner with a reliable ITAD service provider like SEAM for data destruction purposes.  Contact SEAM today at 605-274-SEAM (7326) to learn more.