It’s a common saying, and who would argue against it? The majority of us take our health very seriously. Our health information is deeply personal, and something we understandably want to keep to ourselves. It is truly the embodiment of Personally Identifiable Information (PII), and we have every right to expect that our medical records will remain private and be disclosed only to those who truly need access to them.
That’s why this week’s news headlines regarding the hack on the World Anti-Doping Agency are particularly troubling. It demonstrates just how vulnerable our precious health PII is, and the potential impact when medical information is hacked and made public. One has to have great sympathy for those athletes caught up in the WADA hack, with many suddenly forced to speak publicly about very private matters. People like Simone Biles command our respect by handling this difficult situation with such grace and strength, showing what champions they truly are.
Beyond the WADA revelations, it is clear that the sanctity of our healthcare information is at risk. There is money to be made from sourcing and selling medical information, which attracts the criminal element. In fact, reports indicate that in underground forums, medical records are now 10 times more valuable than credit card records.
The problem is clear, so what is the solution? There is a growing need to ensure the security of medical information, and to hold the organizations that store this information accountable. This is precisely where standards such as the Health Insurance Portability and Accountability Act (HIPAA) come into play. HIPAA provides robust regulations and guidelines for maintaining the security and privacy of individually identifiable health information. It provides a comprehensive framework of practical considerations that outline what organizations need to do, while leaving the details of “how to do it” up to each implementing organization.
CrowdStrike recognizes the challenge these organizations face in seeking to secure medical information, and we are here to help. Today, we have released a report on how the CrowdStrike Falcon™ platform can help organizations achieve HIPAA compliance. The report was produced by Coalfire, a leading HIPAA assessor. It confirms that CrowdStrike offers a suitable solution for addressing a number of key technical requirements in the HIPAA Security and Privacy Rules. With its powerful combination of next-generation antivirus, EDR (endpoint detection and response) and managed hunting capabilities, CrowdStrike Falcon addresses eight separate requirements of the HIPAA Security and Privacy Rules. As far as we can tell, this level of support for organizations working to achieve HIPAA compliance is unprecedented.
The responsibility of safeguarding and protecting medical information is an onerous one. Robust regulation is key and HIPAA plays a critical role, as does the ongoing advancement of endpoint security solutions that can thwart both commodity attacks and sophisticated threats targeting organizations charged with protecting our medical PII. CrowdStrike is committed to this partnership between the healthcare community and endpoint security providers, and we believe that working together is the only way to truly protect the privacy of individuals, today and in the future. There is no higher calling, because when it comes right down to it, there is nothing more important than your health.