Unseen and Unsecured: Why Print Security Should Be a Priority for Healthcare Leaders

How Print Security Is Essential for Healthcare Organization

As healthcare organizations focus on bolstering their cybersecurity defenses against digital threats, one critical area that often goes ignored is print security. Despite being an essential component of healthcare operations, printers remain a potential security loophole that healthcare leaders tend to overlook, putting sensitive patient data at risk.

60% of businesses suffered a print-related data breach

Printers are connected directly to the internet and sensitive corporate networks, they send data through fax and emails, and are potential risks and security vulnerabilities posed by enterprise Internet of Things (IoT). They are used to print sensitive, confidential, and classified data and also store copies of that data in their memory. According to Quocirca’s report, up to 60% of businesses suffered a print-related data breach within a year.

The humble printer is often overlooked within cybersecurity plans. But they could pose a security risk just like any other device in the hospital.

Many risks arise from employee actions. For example, healthcare professionals or administrators may send documents containing patient data to print and never pick them up. Research have shown that up to 30% of print jobs are never even picked up from the printer. Many others go to the printers to pick up their own documents and would have inadvertently seen these confidential reports.

Another issue is the lack of organization-wide user control or print policies amongst healthcare professionals in general. This includes having visibility and control to printing output across the organization – audit trails of who, when, and where documents were viewed or printed.

How about Printing from the EMR?

Printing from the EMR (Electronic Medical Record) can be a cybersecurity concern because EMRs contain highly sensitive patient information, such as medical histories, test results, and billing information. If this information is not securely transmitted to the printer and appropriately managed, it can be intercepted or accessed by unauthorized individuals, leading to privacy breaches and other cybersecurity risks.

Bringing print security to the fore

Hospitals can avoid patient privacy breaches by implementing print release and user authentication features. These features require the user to be at the printer to authenticate their identity (through a staff pass or other means) before the documents are printed. This ensures that no sensitive info can fall into the wrong hands, and helps eliminate the chance of missing or duplicate print pages which may affect critical patient care-related workflow. Adding a watermark on all documents, of the staff member who printed them, could also encourage staff to be more careful with what documents they print and how.

This ensures that no sensitive info can fall into the wrong hands, and helps eliminate the chance of missing or duplicate print pages which may affect critical patient care-related workflow.

Hospitals can also work with printer vendors that provide security solutions to ensure that their printers are equipped with the right security features and that they are configured properly. Hospitals should conduct regular security audits and update their printer firmware regularly to patch any security vulnerabilities. By having a print security strategy, hospitals can prevent cyberattacks, protect patient privacy, and safeguard their reputation.

With cyberattacks expected to grow in sophistication and volume, it is vital that the healthcare industry continues to explore solutions enabled by new technologies, and review existing print infrastructure to mitigate vulnerabilities and provide greater continuity of care. This is not an easy task when we consider the complexity of a hospital’s IT infrastructure and the sensitive nature of the data it produces; but a necessary one, as printed documents continue to be relied upon in critical patient care processes, and we know the consequences on the patient and organizational level if printers were to be hijacked.

While this article sheds light on the critical need for healthcare organizations to prioritize print security, there is much more to learn and discuss on this important topic.

Please don't hesitate to reach out. Let's continue the conversation and work together!

All my best!

Dr Jason Tee, MD, MBA, CPHIMS

View the original article here.