Device Theft and Loss Still Top Issue in Healthcare
Device Theft and Loss Still Top Issue in Healthcare

There are three patterns of behaviour that account for 86% of all healthcare data breaches. And hacking? It’s not nearly as much of a problem as loss and theft of unencrypted devices continues to be. A new report from Verizon has just cracked open the information on healthcare data and how it’s breached, offering valuable insights into healthcare data protection.

In the 2015 Protected Health Information Data Breach Report, Verizon reviewed 392 million records from 1,931 data breaches from 2004 to 2014, looking at breaches that affected not only the healthcare industry, but also breaches that contained medical records or patient data, broadening the scope of the report substantially. The report found that PHI data breaches affected nearly every industry, though of course mostly the healthcare industry (followed by the public sector and finance). Many of the organizations breaching PHI may have no idea they have such data in their organization. Perhaps as troubling, time to discovery of data breaches falls into months—and sometimes years—so our true understanding of healthcare breaches is inherently flawed by under-reported figures.

The report highlights that the primary action of attack is theft or loss of portable devices (laptops, tablets, thumb drives) followed by human error and finally misuse / malicious insiders. Together, these three actions make up 86% of all breaches of PHI, compared to the nine patterns of actions that make up data breaches across all industries. In the past year, we’ve seen some major hacks in healthcare skew the focus toward hacking as a top priority, but this report re-enforces the need for accurate risk-based analysis and security planning. The healthcare industry has been wary of security measures that could affect performance of devices, as Dark Reading notes, but reports indicate that lost or stolen devices not used in patient care may still contain PHI or, just as importantly, credentials to systems that hold medical records.

With nearly half of the US population affected by breaches of PHI since 2009, it’s time healthcare organizations take control over their data. In our whitepaper, Best Practices for Healthcare Data Breach Prevention, we discuss many specific ways you can achieve data protection and compliance, including policy, process and layered-technology defences. Our whitepaper focuses specifically on the risks presented by “people” and by device theft and loss, two of the primary causes of data breaches of PHI.

Absolute DDS for Healthcare is a critical part of an effective layered security model, providing lifecycle security, risk assessment and risk response to help organizations prevent costly data breaches. With Absolute DDS, it’s all about the connection. By maintaining a two-way connection with each device, you have the insight you need to assess risk and apply remote security measures so you can protect each endpoint and the sensitive data it contains. Learn more about Absolute’s security solutions for healthcare here.

ABOUT THE AUTHOR

Arieanna Schweber

Arieanna Schweber has been a part of the Absolute writing team since 2007. Arieanna was Canada’s first female professional blogger and has been professionally blogging since 2006 and has spoken at leading blogging conferences including BlogHer and Northern Voice. Arieanna has a joint degree in Business and Communications from Simon Fraser University and continues to build communities for Vancouver-based clients.