Data at rest in IT means inactive data that is stored on local hardware in any digital form such as databases, spreadsheets, mobile devices, etc.
As cyber threats have increased significantly in recent years, the healthcare community has done a decent job at protecting data in transit. In other words, we are good at encrypting computers, phones and even email systems so that hackers are not able to steal or access data that we are actively transferring. What we have not been good at is protecting the data being housed on-site in old servers, databases, off-site backups, etc. Here are some tips and tricks that can help to minimize your risk of being breached:
- Change passwords frequently
- Ensure that any old or backup servers are being managed by a professional IT company.
- Ensure that the IT company is monitoring activity on those servers.
- Conduct an annual Security Risk Assessment with an outside vendor.
- Eliminate on-site backup entirely and contract with a cloud backup or off-site data warehouse vendor.
- Ensure that you are actively enforcing phone and computer encryption requirements outlined in your company policy or handbook.
Even if you put all the possible safeguards in place, you will never be 100% secure. The more you do, the better protected you are!
Source:
https://www.nist.gov/