According to the ITRC, there were 277 reported data breaches in healthcare during 2015, which accounted for 35.5% of all data breaches recorded in the US last year. While the number of data breaches in healthcare came second to the business sector, the data breaches in healthcare nonetheless accounted for 67% of all breached records – over 112 million breached records.
One in three Americans will have their healthcare records compromised by cyberattacks in the coming year, a new study predicts. This is a radical figure, one which follows on the heels of the Verizon report earlier this month, which indicated that half of Americans had their healthcare records compromised since 2009.
There are three patterns of behaviour that account for 86% of all healthcare data breaches. And hacking? It’s not nearly as much of a problem as loss and theft of unencrypted devices continues to be. A new report from Verizon has just cracked open the information on healthcare data and how it’s breached, offering valuable insights into healthcare data protection.
The Health Information Trust Alliance (HITRUST) and Deloitte Advisory Cyber Risk Services, in coordination with the U.S. Department of Health and Human Services (HHS), recently conducted a cyberattack simulation in the healthcare industry to gauge the readiness of each organization’s cyber incident response plans. The results of the simulation reveal that current incident response plans in healthcare are inadequate in preventing data breaches. The simulation revealed a number of actions that can be taken to improve incident readiness and overall resilience.
The most secure organizations are ones where there is a culture of security that is embedded top-down, where every employee, from the board to the mail room, understands their role in protecting corporate data, with tools that support, enable and protect data wherever it resides. We’ve seen various studies this year quantify the importance of top-down prioritization of data security, with indications that the top-performing organizations in terms of IT security are those with strong board and executive engagement on the topic.
As was predicted nearly a year ago, 2015 has been the year of the data breach. And yet, the reality is that there haven’t necessarily been more data breaches in 2015 than in 2014 (statistics show breaches nearly on par between 2015 and 2014), but that the breaches have been larger than ever before. Such large data breaches have created a culture of fear, affecting consumers and organizations alike.
Being compliant does not mean your organization is safe, nor does it mean that your organization is immune to repercussions at the hands of a data breach. In an article on CSO Online, “Compliant does not equal protection: our false sense of security,” I discuss the nuances of regulatory compliance and how, while important in driving protection standards, they could lead to complacency in setting security standards.
While we have seen many organizations in the healthcare industry with mature security postures, as a whole the healthcare industry continues to struggle with security. According to the latest release of Cigital’s Building Security in Maturity Model (BSIMM6), the healthcare industry lags behind other sectors when it comes to software security.