Healthcare data breach information is the 'new oil'

Unlike oil, information appears to be a renewable resource...

David Gibson, vice president at the data governance specialist, says that healthcare data – particularly in the US – has become highly prized, “though not for the reasons you might think.”

“Data attacks are increasingly being carried out to gain access to information, which can then be used – and re-used again and again – sometimes even for marketing purposes,” he noted in an emailed comment. “The irony of this situation is that, although the initial breach is carried out by people operating on the wrong side of the law, once the data is passed along – usually generating money in the process – the recipients are usually unaware of its origins,” he said.

“Obviously, if someone presents you with an intimate database on several tens of thousands of people, you would be suspicious as to its origin, but if the data is only partially revealed, then it will be classed as normal – and permission-based – marketing information,” he added.

The owner of the healthcare data – and, of course, the patient themselves – would strongly think otherwise, Gibson went on to say, but the reality is that information can be partially and wholly replicated many times over, without the original owner being any the wiser.

In Varonis’ research released earlier this month, researchers found that half of companies have lost a device with important company data on it, causing security implications for more than a fifth of organizations.

Further, 57% of employees believe that the bring-your-own-device (BYOD) trend puts their personal data at risk, even though almost three quarters of employees are now allowed to access company data from their personal devices.

This growing trend to work remotely is likely to have an impact on breaches and data leakages as mobile devices continue to have major security implications. Half of respondents stated that someone within their company has lost a device with important company data on it – and over a fifth admitted that a lost device had created a security implication for their company. The study also found that implementing a BYOD policy seems to have a small, though arguably statistically insignificant, positive effect on security as illustrated by a 5% drop in incidents at companies that have a BYOD policy.

By far the most popular method to secure mobile devices is password protection (57%), followed by 35% who wipe devices remotely, and 24% who use encryption.

“Our research revealed that 86% of respondents use their devices for work all day and night,” Gibson said. “And with 44% working their way through meal breaks with their handsets, it’s hardly any surprise that our colleagues at have revealed the high incidence of data breaches in the healthcare sector.”

He added that what healthcare organizations – and all companies – really need is to have a 360-degree view of all of their data.

“By making sure that only the right users have access to the right information from the right devices, use is monitored, and abuse is flagged, they can quickly spot when anything untoward starts happening, and lock down their information accordingly,” Gibson said.


Editor's Note
Data in this article referenced by comes from the Ponemon Institute's Third Annual Patient Privacy & Data Security Study, sponsored by ID Experts.

