Share

Top 5 Stories

News

Healthcare data breach information is the 'new oil'

25 March 2013

A full 94% of healthcare organizations were breached in the last two years, a trend recently highlighted by Backgroundcheck.org. For its part, Varonis Systems says this highlights the fact that data has become the “new oil,” offering tremendous economic value.

David Gibson, vice president at the data governance specialist, says that healthcare data – particularly in the US – has become highly prized, “though not for the reasons you might think.”

“Data attacks are increasingly being carried out to gain access to information, which can then be used – and re-used again and again – sometimes even for marketing purposes,” he noted in an emailed comment. “The irony of this situation is that, although the initial breach is carried out by people operating on the wrong side of the law, once the data is passed along – usually generating money in the process – the recipients are usually unaware of its origins,” he said.

“Obviously, if someone presents you with an intimate database on several tens of thousands of people, you would be suspicious as to its origin, but if the data is only partially revealed, then it will be classed as normal – and permission-based – marketing information,” he added.

The owner of the healthcare data – and, of course, the patient themselves – would strongly think otherwise, Gibson went on to say, but the reality is that information can be partially and wholly replicated many times over, without the original owner being any the wiser.

In Varonis’ research released earlier this month, researchers found that found that half of companies have lost a device with important company data on it, causing security implications for more than a fifth of organizations.

Further, 57% of employees believe that the bring-your-own device (BYOD) trend puts their personal data at risk, even though almost three quarters of employees are now allowed to access company data from their personal devices.

This growing trend to work remotely is likely to have an impact on breaches and data leakages as mobile devices continue to have major security implications. Half of respondents stated that someone within their company has lost a device with important company data on it – and over a fifth admitted that a lost device had created a security implication for their company. The study also found that implementing a BYOD policy seems to have a small, though arguably statistically insignificant, positive effect on security as illustrated by a 5% drop in incidents at companies that have a BYOD policy.

By far the most popular method to secure mobile devices is password protection (57%), followed by 35% who wipe devices remotely, and 24% who use encryption.

“Our research revealed that 86% of respondents use their devices for work all day and night,” Gibson said. “And with 44% working their way through meal breaks with their handsets, it’s hardly any surprise that our colleagues at Backgroundcheck.org have revealed the high incidence of data breaches in the healthcare sector.”

He added that what healthcare organizations – and all companies – really need is to have a 360-degree view of all of their data.

“By making sure that only the right users have access to the right information from the right devices, use is monitored, and abuse is flagged they can quickly spot when anything untoward starts happening, and lock down their information accordingly,” Gibson said.

 

Editor's Note
Data in this article referenced by Backgroundcheck.org comes from the Ponemon Institute's Third Annual Patient Privacy & Data Security Study, sponsored by ID Experts.

 

This article is featured in:
Data Loss  •  Identity and Access Management  •  Industry News  •  Wireless and Mobile Security

 

Comments

ID Experts says:

26 March 2013
Backgroundcheck.org is not the original source of the survey data. These numbers come from the Third Annual Patient Privacy & Data Security Study conducted by the Ponemon Institute and sponsored by ID Experts. Not sure how Backgroundcheck.org got to be credited with the information but it looks like they might be passing it off as their own. It would be nice if you made the correction. For the full report you can visit the Ponemon website:
http://www.ponemon.org/library/third-annual-patient-privacy-data-security-study

Note: The majority of comments posted are created by members of the public. The views expressed are theirs and unless specifically stated are not those Elsevier Ltd. We are not responsible for any content posted by members of the public or content of any third party sites that are accessible through this site. Any links to third party websites from this website do not amount to any endorsement of that site by the Elsevier Ltd and any use of that site by you is at your own risk. For further information, please refer to our Terms & Conditions.

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×