As the wave of data breaches continues on, businesses are tasked with securing information using more stringent methods. Of course, data breaches are not something new just because we’re living in a tech era; before common computing, a data breach simply meant that there was a viewing of personal information without authorization. The focus remains on current technologies simply because of the advancement of it; nowadays, breaches can impact hundreds of thousands – often millions – just from a single attack.
According to Gemalto (News - Alert), the health care industry accounted for 21.1 percent of total 888 global data breaches in the first half of 2015 alone. While we have laws and regulations such as HIPAA or the PCI (News - Alert) Data Security Standard, these are merely frameworks for the required safeguards. They do not stop data breaches from happening.
The report also says that healthcare accounted for 34 percent of total breached records, coming in as the highest in the industry.
The statistics are scary, especially when you consider industry projections. According to CSC (News - Alert), over one-third of all data will live in or pass through the cloud by 2020, while data production is estimated to be 44 times greater than it was in 2009. Just this year, Anthem had 80 million records compromised.
“We are seeing a shift in the causes of data breaches in the healthcare industry, with a significant increase in criminal attacks. While employee negligence and lost/stolen devices continue to be primary causes of data breaches, criminal attacks are now the number-one cause,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute (News - Alert), in a statement regarding a report on healthcare data breaches.
According to the FBI, criminals are targeting the healthcare sector simply because it is rife with information; individuals’ personal information, credit information, and protected health information (PHI) are accessible in one place. For hackers, this means a high return when this data is monetized and sold.
While no company wants to suffer a data breach, healthcare providers and their business associates stand to lose even more from a data breach, with penalties under HIPAA for inadequately protecting personal health information.
How can organizations mitigate these risks?
Establish data protection policies and communicate them clearly to employees, strategic partners and customers. According to Trend Micro (News - Alert), “80 percent of organizations, regardless of size, believe managing and monitoring end-user privileges and entitlements is the most important security measure against data breaches.”
If you fail to safeguard sensitive information you could put yourself at risk for expensive lawsuits. Here, failing to plan is essentially planning to fail.
Healthcare is a vast industry, but there are tools and resources in place to help mitigate data breaches of all kinds. Continue to seek out the latest factual information about data security incidents and how to best protect sensitive information.
Edited by Rory J. Thompson