2015 has oft been cited as the “Year of the Healthcare Data Breach,” and sure enough the data for the year has been supporting this. The average cost of a data breach is highest in healthcare than in any other industry, up now to $5.9 million per breach. With healthcare data breaches on the rise, being more targeted now than at any other time, and with the cost per breach rising, healthcare is being set a stiff challenge to protect sensitive data. Compounding this challenge is the fact that healthcare organizations face more “risky” scenarios than ever before.
In an article on CSO Online, Maria Korolow outlines the unique security challenges facing healthcare organizations, including:
- Personnel issues related to the large number of people who need to access patient records, some of whom are temporary
- Device issues, with sensitive data spread across many devices – laptops, mobile devices, servers, desktops and specialized devices for inputting medical data
- Medical equipment issues related to devices that often have closed systems and can create a back door into hospital networks
The value of PHI to cybercriminals just keeps going up, meaning that cybercriminals are out to exploit any weakness they can find. Forrester estimates that 78% of data breaches in the healthcare sector are due to lost or stolen devices. Other estimates tie up to 90% of all security incidents back to “people” – mistakes, phishing, bad behaviour, or lost stuff.
The article on CSO Online talks about the need to protect all devices that access sensitive data: to quickly be alerted of loss, to remotely wipe data, and get the clinician up and running again. The article reiterates the importance of ongoing updates to security controls in healthcare and how well those security controls are managed. In addition, the issue with “people” being the root cause of many data breaches is a reminder to focus both on education and on data breach preparedness – since mistakes will happen.
How Absolute can help: Your data security strategy should be bolstered by a persistent security and management solution that offers IT a trusted lifeline to each device in their deployment, regardless of user or location. Healthcare organizations around the world rely on Absolute to secure devices and the sensitive patient data they contain. To learn more about how we can help mitigate data breach scenarios, visit our website.