Why is your third-party printer's security so important?
Most third-party breaches by industry:
- #1 Healthcare
- #4 Finance
In highly regulated, private, and sensitive industries like healthcare and finance, your customers are extremely concerned with how their personal information is being managed. They expect you to protect their most sensitive information such as:
- Social security number
- Birthdate / place
- Phone number
- Home address
- Passwords
And to get more specific:
Healthcare
- Physical health records
- Mental health records
- Test / lab results
- Appointment data
- Family history
- Existing conditions
Finance
- Banking information
- Account numbers
- Credit score
- Payment history
- Tax return information
- Account balances
Companies in healthcare and financial services know that cybersecurity can make or break their business. But when it comes to your customers’ experience, you’re only ONE piece of the puzzle.
You might make cybersecurity a priority… but what about your third-party partners? More specifically, what about your print provider?
In 2022, a team of ethical hackers at CyberNews conducted an experiment that lit a fire under printers worldwide. In an effort to raise awareness about print security, they hijacked nearly 30,000 unsecured individual printers.
The hackers didn’t do any real damage, but they certainly sent a message…by printing off guides on how to secure a printer.
If hackers can gain entry to an individual printer, that’s just the beginning – once they’re in the door, they can maneuver through the network and access other sensitive information such as protected files, login information, and more.
Why do healthcare and financial organizations need a secure print partner?
Though it sounds obvious, healthcare and financial providers aren’t in the business of printing; they’re in the business of healthcare and finance. They still need a way to connect with their customers and send them important information. That’s why they work with third-party printers for patient / customer communication: third-party printers are experts in customer communications and help providers reach their customers with personalized direct mail, like appointment reminders, tailored packages, and more.
Customers appreciate that personalized direct mail, and it’s an effective way to communicate with them: direct mail open rates can be as high as 90%, and 70% of consumers say it’s more personal than digital interactions.
But if your customers don’t trust you with their personal information, none of that matters.
When you work with a third-party print partner, it’s important to remember whose data is at risk: your data AND your customers’ data.
Healthcare providers – if you’re sending out the following via direct mail…
- Appointment reminders
- Test results
- Condition brochures
- Health insurance information
- Pharmaceutical information
- Tailored advertisements
Financial services – if you’re sending out the following via direct mail…
- Financial statements
- Bills
- Credit card application information
- Loan applications
- Benefits communications
- Tailored advertisements
…you’re sending sensitive PII that could devastate your customers if your third-party print partner were to be breached. You need to partner with a secure printer.
Third-Party Risks in Secure Printing
When a company is hit with a data breach, they lose more than just their data. It’s a domino effect that hurts nearly every aspect of their business.
Financial Risk
According to the 2022 “Cost of a Data Breach Report” conducted by IBM, the average cost of a data breach in the United States is over $9.4 million. And that’s just the cost of the breach – not counting the extended fallout from lost customers, business disruption, and legal fees. Hackers are increasingly financially motivated, especially when they’re targeting industries at that perfect intersection of highly profitable and highly sensitive…like healthcare and finance.
Reputational Risk
Across the globe, lack of trust costs brands $2.5 trillion per year. It only takes one bad experience for a customer to lose trust in you forever. And in the case of a data breach, odds are high that a significant amount of your audience would be impacted – causing lasting damage to your reputation and hurting your ability to attract and retain new customers.
Legal/Regulatory Risk
Healthcare and finance companies are highly regulated by strict federal privacy laws, such as HIPAA, the Fair Credit Reporting Act, and the Gramm-Leach-Bliley Act. When they violate those regulations by failing to protect their customers’ data, they face severe legal consequences and steep fines. Beyond that, customers whose data was impacted by a data breach may decide to take legal action.
Business Disruption Risk
Recently, a hospital in Illinois shut down due to a ransomware attack – and while data, jobs, and technology were all lost in the breach, the impact stretches much further than that. Residents of the Illinois town have been left without a hospital within at least half an hour of their home.
When healthcare or finance data is breached, the company and its customers all undergo great loss…and if the damage is severe, it may lead to a disruption or complete halt in business. The period after a data breach is one of great reflection while a company picks itself back up, and that can really slow them down. If any networks, systems, or technology need to be secured or repaired in any way, that can put operations on pause. When coming back from a cyber attack, employees might need to be trained, new security solutions might need to be installed, or leadership might need to pursue an IT audit. Any number of adjustments may need to be made before a company can continue business as usual.
Strategic Risk
All of the above risks come together to concoct a perfect storm…a storm that can throw your strategic goals all the way off track. In the aftermath of a data breach, amid the fallout, the response, and the rebuilding of its cybersecurity program, a company may be unable to meet financial or business goals.
For healthcare providers and financial institutions, protecting your clients’ sensitive and personal information is crucial. Not only is it a key contributor to your customers’ experience, but partnering with an unsecured printer can have serious implications for your business as well.
Is your third-party printer secure? How do you know?
How do you know if you're working with a secure printer?
In a recent survey on data security, a respondent summed up their thoughts in a powerful quote: “My biggest concern is that if there was a breach that they would know where I live and have all my info. Money can be replaced, but my daughter cannot.”
When customers entrust you with their personal data, they’re entrusting you with their livelihood. And you might do everything you can to protect that data…but how do you know the partners you work with are doing the same?
While you can’t control your providers’ cybersecurity practices, you can make informed decisions about who you do business with.
When conducting a third-party risk assessment, look out for secure printers with credible certifications like:
- HIPAA (Health Insurance Portability and Accountability Act)
- SOC 2 Type II (Service Organization Control)
- ISO 27001 Certification
With these data security certifications, businesses can rest assured that their (and their customers’) confidential data is being protected and managed securely.
Drummond is one of very few secure printers in the U.S. that is HIPAA, SOC 2 Type II, and ISO 27001 certified. Learn more about how we protect our customers’ data.
What is HIPAA Certification?
HIPAA is a federal law that protects sensitive patient information and personal health information (PHI). Under HIPAA, patient information must never be shared without the patient’s knowledge. All healthcare providers in the United States are regulated by HIPAA and must keep it top of mind in all patient communications.
Data protected under HIPAA includes, but is not limited to:
- Health conditions
- Healthcare payment information
- Medical record numbers
- Identifying information like social security numbers and account numbers
- Conversations between providers and patients
- Billing information
When healthcare organizations are communicating with patients over mediums such as mail or email, it’s crucial that their third-party printers are HIPAA-compliant.
What is SOC 2 Type II Certification?
SOC 2 Type II certification ensures that third-party printers are operating under systems and processes that protect customer data. The authentication of SOC 2 Type II status is thorough. SOC 2 Type II certified printers undergo an audit of their services to confirm the security, availability, processing integrity, confidentiality, and privacy of customer data.
Businesses in all industries – including banks, insurers, healthcare organizations, legal firms, retailers, and more – that manage customer data or communicate with customers via printed or digital materials must ensure their third-party printer is SOC 2 Type II certified. It’s one of the most stringent measures a secure printer can take to protect the data of its clients and of its clients’ customers.
What is ISO 27001 Certification?
ISO 27001 certified printers maintain an information security management system (ISMS) that complies with intensive security requirements.
ISO 27001 certified printers must complete a thorough risk assessment, and based on the results of that assessment, implement relevant security controls. The certification requires the confidentiality of sensitive information and mandates that personal data is available to authorized customers when they choose to see it. A cornerstone of ISO 27001 certified, secure printers is that they must demonstrate a commitment to continuous improvement through methods such as audits and internal analysis.
What’s the price of your customers’ trust?
71% of consumers are less likely to buy from a company that’s violated their trust. When you partner with secure printers who are certified under HIPAA, SOC 2 Type II, and ISO 27001, you give your customers confidence and peace of mind that their data is being handled securely.
Working with secure printers reduces your risk of data breaches, reputational damages, financial loss, and so much more. Customer trust is one of the most valuable assets a company can have…but once it’s lost, it’s one of the hardest to get back.
Even if you NEVER get breached (which is very unlikely in today’s landscape), trust is the most important bridge you can build between you and your audience. By risking their data security, you risk the future of your business altogether.
But when you demonstrate a commitment to their safety and privacy, your customers are significantly more likely to choose you over their other options, time and time again.
How Drummond Can Help
Drummond has helped dozens of healthcare and financial providers deliver secure print solutions to their customers for almost 80 years. From direct mail to branded promotion to in-store signage, see how we fortify customers’ trust in their providers through secure print and marketing collateral.