The health care industry has been under the gun of late because of the increasing prevalence of major data breaches that have exposed the medical records of millions of individuals around the globe. As more entities fall victim to these events, regulators, advocacy groups, the general population and others are beginning to bring down the proverbial hammer, demanding improvements be made and more stringent consequences be faced when negligence occurs.
From hackers and insider threats to employees who have not been properly prepared to handle sensitive information and communications safely, the risk management demands of modern health care security are vast and still expanding. What's more, entities operating in this industry are also tasked with adopting and optimizing highly innovative and somewhat uncharted technologies in a relatively short period of time, including mobility and electronic medical record systems.
Most of the trends to have revolutionized the private and public sectors in the past few years have been specifically well-received by health officials and professionals, as evidenced by the rapid adoption rates seen in these markets. Big data and mobility are two examples of trends that have already helped to improve patient care and medical firm efficiency, while telemedicine and the Internet of Things will likely be even more prolific in the coming years.
Virtually none of these trends - nor general operations management - come without security threats, though, as hackers and other risks continue to target core communications and information sharing platforms to steal data. No matter what type of IT or communications strategy might be in place, health care companies must ensure that they are shoring up defenses for everything from email security to network access management.
Core themes in risk management
Healthcare IT News recently reported that the medical sector has certainly faced a quickly accelerating level of security incidents in the past few years, citing Verizon's latest Data Breach Investigations Report that found 80,000 events were experienced across industries in 2014 alone. The source interviewed Suzanne Widup, the senior analyst on the Verizon RISK team that put together the report, and pointed out that health care accounted for 234 of those incidents last year, as well as 141 data breaches out of the total 2,100 identified.
The study gave helpful information with respect to the ways in which entities are losing data to thieves and other threats, many of which have been consistent for the past few years. For example, Healthcare IT News cited the finding that 26 percent of incidents were caused by physical loss or theft, making this the most common issue, while insider misuse, errors, denial-of-service attacks and application events rounded out the top five.
Another strange but enlightening note was the finding that threats are changing their tactics to still thwart medical firms' security improvements. According to the news provider, Verizon found that attacks in this industry are most similar to those on personal laundry services, human resources administration and performing arts companies, and noted that this has been an effective approach, but nonetheless bizarre.
"A lot of different industries have the same attack profile, even though they're not really related," Widup told Healthcare IT News. "If you're going to be doing any kind of intel sharing, look at the other industries that actually have common attacks as the same one you're in because you might actually get better data from them than you do with industries you think are more closely related."
In a word, the frequency of attacks and problems that lead to data breaches is rising, while health care providers appear to have been far behind the eight ball when it comes to keeping up with the demands of protection.
The lasting impact
Consequences of data breaches are generally broken down into reputation and financial damages, but Deloitte recently asserted that the events are also holding the medical industry back from improving in an article for The Wall Street Journal. The firm stated that medical information is not all that relatable to other types of data in the sense that it is more valuable and sensitive, while the sector still has a long way to go on the path toward raising awareness.
Deloitte suggested that breaches are stifling the prospect of innovation and progress on a large scale given the amount of time, money and resources that need to go into resolving the fallout of the events and further fortifying the systems in place. However, the analysts did state that risk reviews, better communication of security practices, and investment in the necessary programs and solutions might help in the long run.
By leveraging smart, simple protections such as email encryption and secure cloud services, medical firms can at once embrace modern trends and better defend patient data, all the while maintaining compliance with HIPAA and other regulations under which they are covered.
David Bailey is Senior Vice President at Protected Trust.
Protected Trust is a sponsor of the Print4Pay Hotel. I urge members and readers to visit their site to see their full line of products and services. More and more we need to provide well rounded strategic solutions for our customers. Protected Trust offers some unique solutions that can help us in our day to day efforts. Check them out here.
Comments (0)