Data breaches cost the healthcare industry an estimated $5.6 billion annually. This isn’t surprising since 90% of healthcare organizations reported at least one data breach in the past 2 years – and 38% reported more than 5.
In a post on HealthITSecurity, Elizabeth Snell writes about two recent examples of how “Equipment Thefts Lead to Health Data Security Breaches.” In her article, Elizabeth details the breach at Valley Community Healthcare in California following the theft of a laptop from an EKG room; the second breach involved the theft of two backup hard drives from the Indiana State Medical Association. If you look at the 2015 data breaches reported so far, you will see a pattern of mistakes in the handling of data devices that have resulted in data breaches, often affecting the healthcare industry.
As Elizabeth notes, “Healthcare organizations need to remain diligent in how they store, transport and access sensitive patient data.” 78% of data breaches in the healthcare sector are due to lost or stolen devices, a fact which is often overlooked by the recent focus on cyber attack. While cyber attacks are indeed on the rise, the endpoint remains a vulnerable point for most healthcare organizations. These risks come from data stored on the endpoint as well as contributing data or network access, which could facilitate a successful cyber attack.
Healthcare organizations can take control of data security, ensuring that when data breaches do happen (people will make mistakes), they may not lead to a data breach. Good endpoint security solutions, such as Absolute Computrace, offer key security functions in governance, risk management and compliance (GRC). Our solution includes an audit trail to show who viewed the data, whether it has been changed, where it resides, and how it’s protected (including the status of encryption); if files are deleted, the audit trail can prove it. This is all supported by Persistence technology, which cannot be removed. Absolute Computrace can help you supply the ‘burden of proof’ required by HIPAA, avoiding a costly data breach notification requirement.
For more on healthcare data protection, visit our website or read our recent article on the “Top Tips for Keeping Patients’ Healthcare Data Protected.”