It might seem as though journalists and analysts have been beating a dead horse with the information on health care's severe IT security struggles, but awareness is critical in the fight against modern cybercrime. This is especially true given the widespread prevalence of data breaches caused by negligence, a lack of training or simple error, as those particular issues have been the first or second biggest ones in the industry for years now.
Sure, there have been more pure attacks against the health care sector of late, with some researchers logging a 125 percent increase in the frequency of assaults on medical databases given the higher value of the files therein on the black market. However, the same types of security best practices that work to reduce the threat of overt attacks will also go a long way in lowering the prevalence of human error, negligence and other avoidable causes of breach.
A new report revealed some of the more prominent themes in the IT security discussion among leaders in the field, as well as just how commonly hospitals and other medical entities are being victimized by intrusions and data exposure. Organizations must keep their ears to the ground when it comes to this type of research, working to identify the most pressing issues and threats, then mitigating them in stride to protect themselves more proactively.
Far too many victims
The Healthcare Information and Management Systems Society, more commonly known as HIMSS, recently released its 2015 Cybersecurity Survey, which questioned nearly 300 chief information security officers. According to the report, roughly 87 percent of these individuals have made IT security a high priority, which is good news given the need for more concerted efforts to invest in the right technologies and practice the proper techniques to mitigate threats.
HIMSS found that the average health care firm currently uses as many as 11 different tools for security purposes, which does not necessarily mean that those entities are better protected. Remember, centralization and efficiency are key in the security equation, as threats evolve too quickly to develop a perfect strategy that can withstand the test of time for more than a few months.
The researchers also pointed out that roughly 66 percent of the respondents had indeed been victimized by a data breach in the time leading up to the report, which is somewhat lower than other studies have indicated. At the same time, one consistent finding was related to the cause of breaches, which HIMSS found to be employee negligence. Sixty-four percent of the respondents did note that they had seen hackers breach their systems, though.
Finally, another positive result from this research was that the majority of CISOs are now identifying intrusions within the first 24 hours, which can go a long way toward reducing the overall damage of the event.
Time to wake up
If employee negligence is indeed the biggest threat to patient data security, something needs to be done soon to quell this issue. It might seem easy to simply blame the staff member who made the mistake, but that will be a cosmetic fix at best. Rather, health care organizations should always look at breaches as institutional failures, no matter what actually caused the event.
Getting everyone on the same page through persistent training programs and easing the strain of security on employees with intuitive email encryption and secure cloud services can go a long way toward reducing these institutional failures and better protecting sensitive information over time.