How to Safeguard PHI From Healthcare SaaS Risks – Source: securityboulevard.com

2. Identify which SaaS apps house your crown jewels.

Conduct an audit to see and understand which SaaS apps store, maintain, and transmit assets that are critical to your organization’s daily operations. Threat actors tend to prey on security misconfigurations, over permissioned users, and/or vulnerable SaaS-to-SaaS connections as means to accessing your crown jewels.

3. Review business partner and SaaS provider agreements.

Take a look at the entire patient experience and map every interaction back to one of the SaaS-to-SaaS connections or SaaS apps you use. This data-matching exercise will not only reveal the precise location of where your sensitive data lives, but also indicate where the largest quantity of data exists across online platforms and SaaS apps.

4. Craft your SaaS governance framework.

Patient care is no longer bound to a centralized corporate network protected by firewalls and cloud-focused security tooling. To help control the sprawl of shadow IT, a centralized model could be necessary for organizations in highly regulated industries. Conversely, would a decentralized model alleviate overburdened IT teams by spreading the responsibility of SaaS stewardship? The key is to strike a balance between a centralized or decentralized model with nuanced SaaS governance.

5. Strengthen your security culture.

Socialize security training throughout your organization, particularly at the user level. Offer ongoing training and simulations to avoid phishing scams and social engineering attacks, spot potential malware behaviors that lead to account takeovers, and help adhere to data privacy and compliance regulations.