Cyberattacks are dominating the news, and they’re the first thing we think of when HIPAA breaches occur. But there’s another area of vulnerability that flies under the radar of many healthcare organizations: office printing.
Breaches involving office printers include remote attacks from hackers looking for network access points, as well as privacy and confidentiality violations. For example, a printer that’s not secured is likely to have uncollected documents in the output tray for anyone to collect, and leaving sensitive information around is a clear violation of HIPAA privacy rules. These same devices may have configuration holes that leave servers and the network vulnerable to attacks.
According to the HIPAA Journal, 15 percent of the 54 breaches reported to the Office for Civil Rights (a subagency of the U.S. Department of Education) so far this year were due to printing errors when mailing letters to patients. These errors affect a smaller portion of customers, but the costs to the organization are the same.
HIPAA violations can result in fines of up to $1.5 million. On top of this, they leave room for negative publicity, the chance of losing your license, or other sanctions (such as mandatory HIPAA audits). With so much at stake, it’s imperative to secure your network and ensure every device connected to it is secure. Too often, we find that the print ecosystem within healthcare organizations does not receive the attention it requires.
Gaps in our information security
Complying with HIPAA continues to be a major challenge in today’s evolving high-tech environment. Hospitals and other healthcare organizations are responsible for keeping protected health information secure at all times. We see this in action when we swipe an access card to enter secure areas like medical record storage.
Security measures are in place everywhere you look, but printers are ignored far too often. The Ponemon Institute found that 50 percent of companies ignore printers when assessing end-point security. In fact, almost two-thirds of IT managers reported possible malware infections on network-attached printers.
No matter how far technology advances, people will always be the weak link in security. Employees are easily exploitable — one recent study found human error to be the root cause of 52 percent of all security breaches. Nearly a third of top security professionals polled in the 2015 Black Hat survey agree that employees are easily fooled by social engineering attacks, often resulting in the divulgence of confidential information in one form or another.
Secure your office printers and employee print workflows
It should be a high priority for every healthcare organization to re-evaluate company print strategies for HIPAA compliance. Start with the fundamentals, including three important steps you should take:
1. Implement pull-printing technology.
In a typical work environment, it’s common for documents to be left on printer trays. Network printers are usually shared between dozens, if not hundreds, of people. All too often, people send documents directly to printers and then forget about them, leaving sensitive information in the output tray for anybody to pick up. Even those who do remember to collect their prints might not do so quickly enough — there’s too much risk in such an environment.
Pull printing resolves this issue. Employees print to a single virtual queue, where their print jobs are “parked” and encrypted until the employee arrives at any secured printer on the network and “releases” the documents using an access card or login credentials. In other words, you can secure office printers so that documents are released only when the document owner is physically present at the device, ensuring confidentiality. A side benefit of this added security is that it shaves 30 percent off your total office printing costs.
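The hold-and-release workflow described above, modeled as an added Python example (not code from the original article or from any print-management product). The class, printer names and badge IDs are hypothetical; encryption of parked jobs is left out to stay within the standard library, and the audit list is an addition for traceability.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Job:
    job_id: str
    owner: str
    document: bytes

class PullPrintQueue:
    """Single virtual queue: jobs stay parked until their owner authenticates at a device."""

    def __init__(self, secured_printers, badges):
        self.secured_printers = set(secured_printers)  # devices allowed to release jobs
        self.badges = dict(badges)                     # badge id -> user (assumed directory)
        self.parked = {}                               # job id -> Job
        self.audit = []                                # (event, user, job id, printer)

    def submit(self, owner, document):
        """Park the job; nothing is sent to any output tray at submit time."""
        job = Job(secrets.token_hex(8), owner, document)
        self.parked[job.job_id] = job
        self.audit.append(("parked", owner, job.job_id, None))
        return job.job_id

    def release(self, printer, badge_id):
        """Return the documents owned by the badge holder, only at a secured printer."""
        user = self.badges.get(badge_id)
        if user is None or printer not in self.secured_printers:
            self.audit.append(("denied", user, None, printer))
            return []
        owned = [j for j in self.parked.values() if j.owner == user]
        for job in owned:
            del self.parked[job.job_id]  # a released job cannot be printed a second time
            self.audit.append(("released", user, job.job_id, printer))
        return [job.document for job in owned]

def demo():
    # Constructed sample data: printer names, badge ids and documents are made up.
    q = PullPrintQueue({"ward-3-mfp"}, {"badge-001": "alice", "badge-002": "bob"})
    q.submit("alice", b"lab results")
    q.submit("bob", b"discharge letter")
    return {
        "unknown_badge": q.release("ward-3-mfp", "badge-999"),
        "unsecured_printer": q.release("lobby-printer", "badge-001"),
        "alice": q.release("ward-3-mfp", "badge-001"),
        "alice_again": q.release("ward-3-mfp", "badge-001"),
        "still_parked": sorted(j.owner for j in q.parked.values()),
    }
```

Calling `demo()` shows that an unknown badge or an unsecured printer gets nothing, that the owner receives only their own job, and that other users' jobs stay parked.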