Challenge: Securing Healthcare Data

Healthcare organizations face significant pressure to protect patient records, as data breaches lead to reputational damage, lost revenue and compliance violations. The adversary is highly motivated, however, as medical records fetch a premium among cyber-criminal networks. As attackers increase their sophistication and data environments expand, healthcare organizations must bolster their security and compliance efforts.

Medical records are also now shared at unprecedented levels across applications, devices and facilities, expanding the potential attack surface.

This is why Boards and C-suites are demanding data protection that goes beyond compliance to true security. For many healthcare organizations, however, the budget and resources available for data security are more limited than in other industries. Complicating this picture, CISOs at healthcare organizations also face:

  • Structured and unstructured data to secure
  • Multiple heterogeneous systems
  • Users who need immediate access to data that must always be protected when not in use
  • Clinicians, researchers and other users who will not tolerate any degradation in system performance

A separate challenge facing the healthcare industry is potential attacks on medical devices, possibly impacting their safety and effectiveness. For example, the FDA has issued security alerts related to vulnerabilities found in infusion pump systems that could allow an attacker to modify the delivered dosage.

Risks Associated with Healthcare Data

  • Healthcare data is highly valuable and, therefore, attractive to cyber-criminals.
  • A breached organization faces long-term damage to its reputation and revenues; once patients lose trust in the organization, they will be more likely to seek alternatives.
  • Widespread use of medical records (across clinical applications, databases and devices) accessed by multiple users in multiple facilities increases the potential attack vectors.
  • Insider threats multiply in large healthcare organizations.
  • Legacy systems and applications complicate security and compliance efforts.

Thales Data Protection Solutions

To address these challenges, healthcare organizations worldwide trust Thales. Our data protection solutions help healthcare organizations reduce risk, demonstrate compliance, enhance agility and pursue their strategic goals.

Healthcare Data Encryption

The Vormetric Data Security Platform is the only solution with a single extensible framework for protecting both structured and unstructured data-at-rest under the diverse requirements of healthcare institutions across the broadest range of OS platforms, databases, cloud environments and big data implementations.

Vormetric Transparent Encryption provides file and volume level data-at-rest encryption, secure key management and access controls required by regulation and compliance regimes.

Vormetric Application Encryption enables healthcare enterprises to easily build encryption capabilities into internal applications at the field and column level.

Vormetric Cloud Encryption Gateway encrypts data before it is saved to cloud storage, while keeping encryption keys and access policies under enterprise control.

With nShield hardware security modules (HSMs), you can take full advantage of native database encryption capabilities and still add higher levels of assurance to key management activities, ensuring optimal security, efficiency, and guaranteed accessibility to encrypted patient data.

Encryption Key Protection & Management

Vormetric Key Management enables centralized management of encryption keys for other environments and devices, including KMIP-compatible hardware, Oracle and SQL Server TDE master keys, and digital certificates.

Thales nShield HSMs also offer tamper-resistant, FIPS-certified encryption key protection and management that meets the highest security and compliance standards.

Medical Device Protection

Thales nShield HSMs provide the root of trust in the manufacture and operation of connected medical devices to ensure that only authorized devices can connect to, and participate in, enterprise networks.


  • Safeguard medical records by rendering them unusable to attackers.
  • Increase compliance with HIPAA-HITECH and other healthcare data privacy mandates.
  • Secure the most sensitive keys and business processes in the organization in an independently-certified, tamper-resistant environment.
  • Protect the organization’s reputation and revenue against long-term damage.
  • Encrypt sensitive data efficiently, with little to no system degradation.
  • Establish a root of trust for medical devices added to the healthcare enterprise’s network.