Safeguarding Patient Data: How Moffitt Protects Your Information
In today’s digital world, Moffitt Cancer Center is entrusted with vast amounts of sensitive patient data every day. This includes medical histories, treatment plans, insurance details and even genetic information. Moffitt recognizes that protecting this data is crucial — not only for maintaining patient trust but also for complying with regulations like the Health Insurance Portability and Accountability Act (HIPAA).
Behind the scenes, Moffitt’s Information Security team plays a vital role in protecting this sensitive data from the growing threat of cyberattacks. But what exactly does Moffitt’s Information Security team do to protect patient data? Let’s take a closer look.
Why Information Security in Health Care Matters
We know health care facilities are a prime target for cybercriminals. We see it every day. The reason is simple: patient data is incredibly valuable. Hackers can sell stolen data on the black market, commit identity theft or even hold a hospital’s entire system for ransom. In fact, hospitals and research facilities have seen a rise in ransomware attacks, in which hackers lock down critical systems and demand payment to release them.
A successful attack could mean that our doctors lose access to important patient records, medical devices may malfunction and our research data could be compromised. This could severely disrupt operations, delay patient care and compromise research findings, sometimes with life-threatening consequences.
Building a Defense: Key Responsibilities of the Information Security Team
The Information Security team at Moffitt works tirelessly to ensure that our patients’ information remains secure. We use a combination of collaboration with key teams, technology and constant vigilance. Here are some of the key responsibilities:
1. Data Encryption
Encryption is one of the most basic and important tools Moffitt uses. It works by converting sensitive data into unreadable codes, making it nearly impossible for unauthorized users to access it. Moffitt’s Storage Management team ensures that patient records, research data and communications are encrypted while being stored and when sent between systems. This way, even if a hacker manages to intercept the data, they won’t be able to make sense of it.
2. Firewalls and Intrusion Detection Systems
To keep hackers out, the Information Security team has set up digital barriers known as firewalls. Firewalls act like security checkpoints, monitoring the data that comes in and out of Moffitt’s network. If something seems suspicious, the system alerts the team, and they can investigate potential threats before they become major problems. In addition to firewalls, intrusion detection systems work in real time to identify unauthorized access or malicious activity within the network.
3. Regular Software Updates and Patching
Many cyberattacks occur when hackers exploit weaknesses in software programs that hospitals and research facilities rely on. To prevent this, Moffitt’s Information Security team ensures that all software — whether it’s used for patient management, medical devices or research — is up to date. Software updates often include important security patches that fix vulnerabilities. Staying on top of these updates is a crucial part of keeping Moffitt’s network safe.
4. Information Security Awareness
No matter how strong Moffitt’s digital defenses are, human error remains one of the biggest risks. Any of Moffitt’s team members may unintentionally open phishing emails, click on harmful links or use weak passwords. To combat this, the Information Security team conducts regular training sessions to help staff recognize common threats and adopt safe online practices. Simple actions, like not clicking on suspicious links or updating their passwords, can significantly reduce the risk of an attack.
6. Backups and Recovery Plans
In case a cyberattack or system failure does occur, having a solid backup plan is crucial. Moffitt’s Storage Management team regularly backs up patient data and critical research to secure offsite locations. Moffitt’s Disaster Recovery team maintains detailed recovery plans that outline the steps to restore systems and data if something goes wrong. This ensures that the hospital can continue to function and provide patient care, even in the event of a cyber crisis.
Collaborating with IT and Medical Teams
The Information Security team doesn’t work in isolation. We regularly collaborate closely with the hospital’s broader IT department and other medical teams. Together, we ensure that any new technologies, such as electronic health records systems, telemedicine tools, Generative AI or medical devices connected to the internet, are secure from the start. Before building new buildings and implementing new systems, Moffitt’s Information Security team of experts conducts thorough risk assessments, testing for potential vulnerabilities.
Adapting to an Evolving Threat Landscape
Cyber threats are constantly evolving. New types of malware and increasingly sophisticated hacking techniques mean that Moffitt’s Information Security team must always stay one step ahead. Moffitt’s Threat Assessment Center does this by closely monitoring cybersecurity trends, staying informed about potential threats and participating in simulations to test the hospital’s defenses. This proactive approach is key to preventing attacks before they can cause harm.
While doctors and nurses are on the front lines of patient care, Moffitt’s Information Security team plays a very important role behind the scenes. By safeguarding sensitive data and ensuring the smooth operation of medical and research systems, we help protect the trust patients place in Moffitt. Our vigilance ensures that our hospital, clinics and research facilities remain safe, secure and able to focus on what truly matters: to contribute to the prevention and cure of cancer.
This story was written by Mark Fleeting, manager of Cyber Operations at Moffitt Cancer Center.