Data Breaches - A Growing Problem In Healthcare Organizations
Main Category: IT / Internet / E-mail
Article Date: 07 Dec 2012
Many healthcare organizations allow employees to bring smart phones, tablets and other sophisticated data-gathering devices into their offices and to connect to their networks or enterprise systems, the third annual study on Patient Privacy and Data Security revealed today.
The authors wonder whether BYOD (bring your own device) is a security hazard that healthcare organizations are simply not aware of.
The report, published by the Ponemon Institute and the Health Information Trust Alliance, revealed that the healthcare industry continues to lag behind most other sectors of the economy in stopping data breaches.
The 2012 report states that 94% of 80 healthcare organizations that took part in a survey admitted to at least one data breach during the previous 24 months; 45% said they knew about at least five data breaches, compared to 29% in the previous report.
Over half of all the organizations surveyed said that they had at least one incident of medical identity theft. Only 18% said they were sure the theft was the result of a data breach - 32% said they were unsure.
Over half of all the health organizations said they had little or no confidence in their ability to detect breaches. Just 40% said they can confidently prevent or rapidly detect all patient data loss or theft.
Data breaches cost US health organizations $6.78 billion every year.
BYOD does help productivity, time and motion experts have shown. Technologies today which promise greater productivity and convenience include mobile devices, file-sharing apps and cloud-based services - all very hard to secure. There is the risk that somebody in the company may take some of the data, including confidential patient information, somewhere else, where it could end up in the wrong hands.
The authors wrote:
"Another worry presented in this research is that sophisticated and stealthy attacks by criminals have been steadily increasing since 2010."
Insider negligence main cause for data breaches
In 46% of data breaches, the employee's computing device was either lost or stolen, which the authors attribute to carelessness.
In 42% of cases, the breach was caused by employee mistakes or unintentional actions.
Third-party SNAFUs are also a relatively common cause of data breaches.
The number of targeted criminal attacks on healthcare organization databases has also increased.
How secure are these devices?
The authors explained that when they asked healthcare organizations how confident they were that the devices their employees bring into the office and take home are secure, the most typical answer was that they were not confident at all.
Among healthcare organizations that were covered in this report are:
What should hospitals do to curb data breaches?
The authors say that they should:
Of more concern is the low priority many leaders give to data breaches, the Ponemon Institute said. When compared to other sectors of the economy, such as banking, healthcare seems relatively unconcerned.
Medical devices, such as insulin pumps, mammogram imaging machines and wireless heart pumps, hold large amounts of sensitive patient data - most of them are connected wirelessly to commercial PCs and are vulnerable to cyber attacks. Most healthcare organizations do not secure their medical devices. The authors think that this is because organizations believe it is the responsibility of the medical device vendor to protect the products, and not theirs.
Written by Christian Nordqvist
Copyright: MediLexicon International Ltd
Original article posted on Medical News Today.