Another day, another breach

By Darren Leroux
May 07, 2014
08:05 AM

Today, patient data resides everywhere – desktops, laptops, smartphones, tablets and USB drives. Understandably so – given the rise of mobile computing and bring-your-own-device (BYOD) policies in healthcare, the once straightforward process of protecting patient’s private health information has since evolved into a complex and overwhelming undertaking. Gone are the days where personal health information lived solely in giant filing cabinet.

When we refer to personal health information at risk, we’re not just talking about historical health records – the potential for a data breach casts a much wider net, including patient billing information, clinical trial data and even employee information like payroll numbers. With so much sensitive, unprotected data up for grabs, we’re inclined to ask ourselves – why? Why does this keep happening, and what can we do to fix it?   

Think of it this way - according to a recent study, 81 percent of healthcare organizations are now allowing employees and medical staff to use their personal laptops and mobile devices to connect to provider networks or access company email.  Interestingly enough, the same study found that of that 81 percent of healthcare institutions enabling a BYOD strategy, 54 percent did not believe that those devices were secure enough in the workplace. 65 percent of data breaches reported to the Ponemon Institute occurred on laptops and mobile devices over the last 5 years. With these kinds of statistics, it’s really no wonder that more than half of those surveyed aren’t confident in the security of their devices, right?

Below are the top 3 gaping security holes in remote healthcare data practices that are answering our question of why this rise in breaches is happening:

  1. Ignorance of Government Regulations

According to a recent report, HIPAA data breaches have increased by 138 percent since 2009. It’s easy to get caught up in the hype around compliance and regulation, but ultimately you can end up missing the bigger picture of what is trying to be accomplished. Regulations aside, healthcare CIOs and CSOs need to ensure that they are still performing a comprehensive, thorough analysis of their security infrastructure. Furthermore, compliance is technically a one-time snapshot or status of where things stand – or should stand. Given the fluidity of IT and the continually emerging threats and vulnerabilities, simply focusing on compliance alone is short-sighted and can end up creating a false sense of security that your mobile systems and information are truly secure.

  1. Inadequate Resources & Budgeting Allocations

According to a recent study from Cisco, 63 percent of healthcare institutions do not feel that they have the sufficient resources to defend against a security breach. The same study found that 66 percent of healthcare institutions did not feel that their security financial budgets were sufficient with what capabilities are needed.

CIOs and CSOs don’t have the luxury of waiting until the time is just right to invest in data security technology. Data is sensitive, especially that within the healthcare industry. Leaders in this space must start incorporating better practices when it comes to protecting patient data.

  1. Internal Employee Negligence

Mistakes happen, we’re all human. Unfortunately, the repercussion of human error like negligence continues to top the list for causes in data breaches.  Examples of employee negligence can range from misplacing a USB with stored private patient health information to accidently leaving a laptop in a public place. Encryption is the only failsafe way to ensure that private health information is not compromised if a device has been lost or stolen. 

Fighting Back

As we mentioned earlier, patient data is everywhere – mobile devices, laptops, desktops and even medical devices like wireless heart pumps and mammogram imaging tools. Health data has evolved into a matrix of interrelated data, flowing from patients/customers to physicians, diagnostic clinicians, pharmacists and medical insurance billing specialists, among others. The industry as a whole must look beyond simple data security/compliance and towards a holistic security program that fosters a long-term data security strategy. The most effective and comprehensive strategies are centered on protecting actual data and not just the device – however, it’s equally important to allow for ease-of-use and accessibility.

As we look ahead, managing information risk is more than just addressing the checkbox items.  Healthcare CIOs and CSOs need to first understand what kind mobile and remote solutions they have at hand, how these devices are putting private health information at risk and what can be done to remain secure.

We recommend that data is encrypted on both at-rest and mobile devices. Encryption needs to be transparent enough for IT admins working behind-the-scenes to be able to integrate the capability across platforms seamlessly, and offer no disruption to the end-user experience. It’s important to remember that as important as data security is in the healthcare industry, accessibility and providing the ultimate patient care is top of mind for providers.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Capitol rotunda at sunset
Congress releases AI policy blueprint

Most Read

Winning cybersecurity warfare is the ultimate millstone for CISOs
A passwordless future for clinicians? Industry paper points to a new paradigm
White House OMB is reviewing proposed cybersecurity updates to HIPAA
HC3 alerts providers of Scattered Spider threat
New Oracle EHR promises AI-enabled reinvention
Work like 'a beehive, an ant colony' to protect against cyber intruders

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

More Stories

Dr. Eric Liederman, CEO of CybersolutionsMD
Q&A: CybersolutionsMD CEO on preventing cyberattacks
Change healthcare booth
Nebraska sues Change Healthcare over ransomware attack
Vijayashree Natarajan of Omega Healthcare on AI
Three for 2025: data security, cancer informatics and agentic AI
Capitol Hill
Congress looks set to extend telehealth and hospital-at-home flexibilities
Josh Di Frances at LG NOVA_Top down view of startup team Photo by NanoStockk/iStock/Getty Images Plus
What a startup pitch competition shows about IT innovation
Ravi Teja Karri of Froedtert Health on AI
Using AI and ML in predictive analytics for bed demand forecasting
Abstract image of AI brain and technology
ASTP updates HHS AI Use Case Inventory for 2024
Female doctor on laptop smiles at patient in foreground who is taking notes
Report shows overwhelming doctor support for virtual care