Amid disclosures of data stolen from major companies, some patients may worry that their private medical information is just a few illegal keystrokes away. But patient data is — quite literally — stored under lock and key at Keck Medicine of USC, and a team of security experts is constantly monitoring for unauthorized cyber-breaches.
“We have an iron dome over the USC system,” said Chief Information Officer Joshua Lee, MD.
Safety and security of patient data has been a top priority at Keck since long before revelations of data breaches at companies including one of the nation’s largest health insurers. Patient information is safely stored and multiple policies ensure that cyber security is never compromised, Lee said.
“Security has to be multi-dimensional,” Lee said. “We create multiple layers to frustrate a potential attacker.”
Patient data is stored off-site through Cerner Corporation, a firm that specializes in health-care information technology. This physical storage facility is secured, but a separate data security firm and USC staff members also protect electronic data through other measures.
Among them is a security operations center in which electronic information is monitored around-the-clock by security professionals looking for abnormal computer traffic, malware and network intrusions.
Stored patient data may include clinical records, medication, length of stay and billing records. Should an unauthorized data breach still occur, patients would be immediately notified, as would state and federal officials.
Hackers target personal data because it can be sold on the underground market.
After recent data breaches at major health insurers, officials have been investigating the extent of the cyber attack, and state and federal officials are probing whether the companies took proper measures to secure data.
At Keck Medicine of USC, the storage system also uses various authentication measures to prevent breaches, including requiring that users gain access into the system through strong passwords that can’t be easily deciphered by hackers. Keck staff members are also looking at two-factor authentication, which might require a thumbprint, a retina scan or an electronic token that rotates to a new code every 30 seconds.
Staff members regularly evaluate new cyber threats and discuss security measures.
“We are constantly working to ensure that our electronic storage systems are up-to-date with the highest security standards,” Lee said.
— Douglas Morino