Understanding the Risks of storing patient data in clinic PC

Do you still keep copies of patient data in your clinic PC?
Are you aware of the risks it poses?

The danger of keeping copies of patient data in your clinic (offline or downtime data)?

• Does your current clinic software allow you to backup copy of your clinic data into PC in the clinic?
• Do you know that hackers are able to access computers remotely by viruses or malwares and get hold of these data files?
• It will be even worse if the data files are not encrypted. They will be able to easily load the files and view all patient data.
• PDPA and GDPR impost strict guidelines and penalty on patient data leak.

On 3 Jun 2021, there was an article on electronic retailer Audio House system being hacked. Their customer’s name and contact numbers were stolen by a hacking group.

We would like to highlight few points from the article.

• Audio House stored customer data in their own system. They mentioned the system’s security and firewall were insufficient and need to be upgraded after the incident. On the other hand, their customers credit card information was not stolen as it was handled by third party payment gateway.
• Furniture retailer Vhive had their server compromised on March 23.
• Both incidents occurred on systems managed by the companies themselves in their premises. This is no coincidence.

It is important to understand that costs to set up firewalls, security hardening, & etc. is relatively high and complex for SMEs who have limited knowledge on IT Security. Implementing and maintaining the required security measures themselves will be too costly and not feasible. Most SMEs will just do the bare minimum, holding the mindset that hackers are not interested in them as they are just small company and so won’t fall victim to such incidents. However, from the ransomware cases reported, the intention of the hackers is to blackmail for money, they do not specifically target any company.

For clinics with minimum or no proper security measures implemented, the risk of clinic systems and data being compromised is real. As such, we strongly DO NOT advocate storing clinic data in system within the clinic.

Our solution, Clinic Assist Software, offers you a comprehensive and secured platform.

• It is hosted in Microsoft Azure Data Center which is certified by IMDA under Multi-Tier Cloud Security (MTCS) level 3 designed for companies with regulatory compliance requirements, address security risks & threats to high impact IT systems and hosting highly confidential medical records.
• Clinic database are encrypted with Transparent Data Encryption (AES 256-Bit) using Microsoft propriety technology and not third party encryption that allow easily decryption.
• For data in transit from server to clients is encrypted with Entrust SSL (Secure Sockets Layer) 2048-bit RSA with SHA-256.
• Penetration test & Vulnerability Assessment are conducted yearly to identify any potential vulnerabilities and proactively shore up these weaknesses before exploitation by hackers.
• Our solution includes Backup and Restoration daily to ensure backup is properly done.
• We have in place Disaster Recovery mechanism.
• On occasions where your clinic broadband is down, Clinic Assist Software allow access of patient data via native mobile apps (mCAS) through doctor’s mobile phone.
  The mobile apps run on 4G network which is independent and not affected by the broadband failure.

Do not hesitate to contact us. Let us assist you to take care of the security measures and protect your clinic data so you can focus on your clinic operation.

Email : enquiry@eclinic.com.sg
Mobile : (65) 8180 4207