Because of the increasing value of patient data on the black market, health care providers are experiencing significant increases in the magnitude and volume of attacks on their IT systems and users. It has become clear that medical firms are losing the battle, but the war is far from over, and there is still plenty of time to improve and begin reducing the risk of data breaches in this sector as the years go on.
There is, on the other hand, no time to sit around waiting for matters to improve on their own, as a significant amount of work needs to be done to bring performance up to more reasonable levels. People, process and technology all must be covered in IT security strategies, and many firms are missing one or more of that triad in practice, leading to vulnerabilities that quickly spell disaster for data privacy and corporate integrity.
A combination of enhanced training and development, the incorporation of secure cloud services, deployment of email encryption and a more focused effort to improve policies can go a long way in mitigating threats proactively for these firms and others. Additionally, keeping an ear to the ground for new research and trends will be invaluable in the long run, especially given the accessibility of valuable studies and information on topics relevant to security and compliance in health care.
To ensure that the rest of the decade is not as damaging as the first five years have been, medical organization decision-makers must understand their own responsibility in this discussion. Government agencies and law enforcement are certainly picking up the pace to help out in this regard, but the war will only be won when those responsible for generating, storing and sharing patient data take the initiative themselves.
Two new studies provided some insights for health care leaders to digest.
Culture in question
The Workgroup for Electronic Data Interchange, more commonly known as WEDI, recently released a new study on the cultural issues in the medical sector that are leading to increased levels of risk across regions and segments. The analysts believed that one of the more important matters to remember is that culture plays a significant role in an organization's security performance, and that managers need to cultivate internal values that put security first.
The researchers pointed to data regarding the real and present dangers seen in the health care community today.
"The frequency, scope and sophistication of cyberattacks are growing at a worrisome rate in health care. Between 2010 and 2014, approximately 37 million health care records were compromised in data breaches. But in the first four months of 2015 alone, more than 99 million health care records have already been exposed through 93 separate attacks," WEDI President and Chief Executive Officer Devin Jopp, Ed.D, affirmed. "The risk of cyberattacks is no longer limited to the IT desk – it is a key business issue that must be addressed by executive leadership teams in order to build that 'culture of prevention.'"
Additionally, WEDI included information in the report regarding how health care providers can better handle cyberattacks throughout their lifecycle, as well as how these issues are taking form in the modern era. Studies like this can often help to illustrate some of the challenges that are holding medical organizations back from more effective security performances without having to experience a breach themselves.
Apps are lackluster
Since enterprise mobility first gained traction in the public and private sectors, there has been a significant lag between the number of firms deploying relevant policies and the volume of those doing so in a secure fashion. Device security has finally started to improve in health care and beyond, but a new study revealed that application protection is lackluster, which should be troubling given the high rate of information traveling through software in the sector.
Dark Reading reported that the State of Software Security report from Veracode, an application testing service provider, found that vulnerabilities in apps were widespread. The news provider pointed out that just under three-quarters of issues were left unremediated, which means that some entities are indeed uncovering vulnerabilities but doing little to close the gaps in a timely fashion.
"It may be tempting in the face of repeated breaches - OPM, Target and Sony - to throw up one's hands, not to bother building secure applications and to give up on fixing vulnerabilities in the applications you've already deployed," Veracode Chief Technology Officer Chris Wysopal mused, according to Dark Reading. "The data in this report clearly shows that, by addressing the problem systematically and at scale, enterprises can significantly reduce application risk."
Getting a handle on culture and app security is critical to ensuring data privacy in health care today.