Healthcare Security In 2015: 9 Hotspots - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Healthcare // Security & Privacy
08:36 AM
Alison Diana
Alison Diana
Connect Directly

Healthcare Security In 2015: 9 Hotspots

With data breaches growing, 2015 promises to be the healthcare industry's most challenging security year yet. These nine areas demand attention in 2015.
1 of 11

Healthcare organizations must tighten security or risk getting breached, penalized, and potentially ostracized by a public fed up with seeming carelessness with their personal information. Unfortunately, the task of securing protected health information (PHI) is only becoming more challenging for even the best-prepared organizations. Fitness bands, hospital portals, electronic health records, health information exchanges, insurance networks -- the list of Internet-connected devices, tools, and sites containing personal and medical data keeps growing.

The healthcare sector has been under attack for some time. In 2014, despite headlines dominated by JPMorgan Chase, Home Depot, and other retail or financial entities, the healthcare industry accounted for 43% of all major breaches, according to the Ponemon Institute.

Even attacks on companies that don't operate within the medical field can have healthcare-related consequences. When Sony Pictures Entertainment was hacked in November, cyberthieves apparently stole more than movies. They reportedly also took more than 25 gigabytes of data on tens of thousands of Sony employees, including medical and salary information, Social Security numbers, and addresses, according to Krebs On Security.

Within healthcare organizations, a whopping 93% of information held requires protection, according to EMC's The Digital Universe report. The data includes claims requests, PHI, and medical records. Yet only 57% of this information is "somewhat protected," while 43% is inadequately safeguarded, the report found. But IT professionals must balance security needs against healthcare professionals' need for fast access to data and applications; extra clicks can make a difference in a patient's life, after all.

"With the continuation of high-profile hacks, IT security, specifically distributed or mobile security, will be a renewed priority for many organizations," David Appelbaum, senior vice president of marketing at Moka5, told InformationWeek. "No one wants to be the next headline, and as the stakes go increasingly higher, the need for enhanced security that does not inhibit end-user productivity is becoming increasingly more of a requirement."

Healthcare organizations have been warned about the consequences of an insecure environment, and the cacophony of cautions grew following the Community Health System breach in August. Still, a frightening number of healthcare providers continue to ignore the alarms from a federal alphabet soup of agencies, including the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the Food and Drug Administration (FDA). Consider:

  • More than 41% of healthcare organizations do not use endpoint encryption, even though approximately one-third of employees work remotely at least once a week, according to Forrester Research.
  • Sixty-eight percent of the industry's breaches since 2010 have occurred because files or devices were stolen, the Bitglass 2014 Healthcare Breach Report determined.
  • Hacker attacks increased 600% in the first 10 months of 2014 versus the prior year, Websense Security Labs' Carl Leonard told TechNewsWorld.

Attackers also are becoming more sophisticated, experts warn. Cybercriminals are seeking more information than ever about their victims to sell, Websense researchers cautioned. "These fuller, richer, personal identity dossiers of individual users, consisting of multiple credit cards, regional and geographic data, personal information and behavior, will be increasingly traded in the same manner that stolen credit cards are today."

Because this information often resides within health systems' databases or networks, hospitals are natural targets and require extraordinary defenses.

With so much cyberdanger to battle, it seems obvious the healthcare industry will face additional crises in 2015. None of the underlying security issues are new, but all are crucial to address. Click through our slideshow to see the nine security hotspots we predict for healthcare in 2015.

Alison Diana is an experienced technology, business and broadband editor and reporter. She has covered topics from artificial intelligence and smart homes to satellites and fiber optic cable, diversity and bullying in the workplace to measuring ROI and customer experience. An ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 11
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
12/15/2014 | 11:34:22 AM
Re: Ramp up the health care data security program
I wish i could take credit for some incredible foresight, @aws0513 -- but I think ANY time would be right to compile an outlook piece about healthcare security, I'm afraid. While we don't always hear about them on the national press, search online for healthcare breaches and you'll find a guesstimated one a week. That's not a scientific number but I'd love to have the time to compile a list that includes both 500+ and fewer incidents (not on the Hall of Shame). 
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Pandemic Responses Make Room for More Data Opportunities
Jessica Davis, Senior Editor, Enterprise Apps,  5/4/2021
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Transformation, Disruption, and Gender Diversity in Tech
Joao-Pierre S. Ruth, Senior Writer,  5/6/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll