Dive Brief:
- While nearly all U.S. healthcare organizations including providers are collecting, storing or sharing sensitive information within technologies like cloud platforms, fewer than 40% encrypt data in such environments, according to a new report by French security company Thales and analysis firm IDC.
- Seven in 10 organizations reported they had experienced a data breach at some point, and a third said there had been a breach in the past year. Thales said those numbers are the highest among industries it has studied.
- While the country's healthcare organizations may realize the threat, with 40% acknowledging they are "very" or "extremely" vulnerable, they appear overconfident in their ability to thwart security lapses. The survey showed 73% of respondents felt their security for new technology deployments is "very" or "extremely" secure.
Dive Insight:
The healthcare industry faces a persistent threat to data security, with volumes of sensitive — and lucrative — information gathered daily. Other surveys have shown the sector to lag in resources for combating breaches in terms of budget and people dedicated to security.
"When sensitive patient information is breached, it poses significantly longer-term risks compared to other sectors — sometimes indefinitely," Frank Dickson, program vice president for security products research at IDC, said in a statement. "Healthcare data is especially attractive to hackers because it's far more valuable than other kinds of data that can be accessed and exploited. When healthcare data is stolen, damage cannot be fully mitigated. A credit card can be canceled or a bank account can be closed, but private patient data circulates endlessly which opens opportunities for various types of fraud to occur again and again from a single breach."
The findings jibe with other recent reports. An Integris Software survey from last month found 70% of mid- to large-size healthcare companies in the U.S. were confident in their ability to manage sensitive data, but half updated their inventory of such data once a year or less.
A data breach that originated with billing collection vendor American Medical Collection Agency this year has hit a number of healthcare companies, including lab giants Quest Diagnostics and LabCorp.
While breaches a major threat that can result in high fines and legal fees, IT security is important for other reasons as well.
The malware strain that targeted healthcare organizations, including a massive disruption to dozens of hospitals in the United Kingdom two years ago, is still surfacing. About 40% of delivery organizations experienced at least one WannaCry attack in the first half of this year, according to cybersecurity firm Armis.
The Thales report took information from 100 U.S. healthcare respondents to an international web-based survey of 1,200 executives with responsibility for IT and data security.