Mixed News for Health Care Data Security

Sue Marquette Poremba
Slide Show

Five Digitally Vulnerable Areas Your Business May Be Overlooking

The Ponemon Institute and ID Experts released the Fourth Annual Benchmark Study on Patient Privacy and Data Security earlier this month. Health care-related security issues seem to be less discussed these days, as other industries and organizations have grabbed the security headlines. But just because we aren’t hearing about breaches within hospital and insurance networks doesn’t mean they aren’t happening.

I think the release of this study is good timing, with the deadlines for the Affordable Care Act (ACA) quickly approaching. With more people entering the health care (and insurance) system, there will be a correlated rise in the amount of personally identifiable information (PII) available. The Ponemon and ID Experts study gives us a good idea where the security risks within the health care industry are.

The good news from the study is that the number of data breaches has decreased slightly over the past two years. Also, the health care industry is doing a better job at controlling the costs involved in a data breach.


However, the report also revealed some very serious security flaws within the health care industry. For instance, the report stated:

Insider negligence continues to be at the root of most data breaches reported in this study but a major challenge for healthcare organizations is addressing the criminal threat. These types of attacks on sensitive data have increased 100 percent since the study was conducted in 2010 from 20 percent of organizations reporting criminal attacks to 40 percent of organizations in this year’s study.

The health care industry isn’t immune to the security concerns brought on by the rise in BYOD use and the cloud. Even though nearly nine of 10 employers allow employees to use personal devices to access the organization’s network, more than half of the companies are worried that not enough is being done to make sure those personally owned devices are secure. And 40 percent say that they believe mobile device use is a top security concern overall. The use of public cloud options has generated concerns similar to mobile use.

An article in eSecurity Planet shows why issues like employee negligence and mobile devices plague the health care industry. A lost flash drive with patient data on it has put 500 young people at risk of identity theft.

Last month I wrote that the medical industry is ripe for hackers. The Ponemon and ID Theft study adds to that theory, particularly when it comes to ACA:

Respondents in 69 percent of organizations represented believe the ACA significantly increases (36 percent) or increases (33 percent) risk to patient privacy and security. The primary concerns are insecure exchange of patient information between healthcare providers and government (75 percent of organizations), patient data on insecure databases (65 percent) and patient registration on insecure websites (63 percent of organizations).

The health care industry, from doctor’s offices to insurance agencies, is fertile ground for identity thieves and hackers because of the sheer amount of PII available. Perhaps it is time to take another look at the way the health care industry handles security, especially in light of the growth of BYOD and the public cloud.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data


Close
Thanks for your registration, follow us on our social networks to keep up-to-date