What healthcare CIOs need to know from Verizon data breach report

Don Fluckinger reports:

The good news: While the annual Verizon-Secret Service 2013 Data Breach Investigations Report shows that hacktivist attacks and state-sponsored espionage are on the rise, overall, healthcare organizations aren’t really prime targets for those kinds of attacks.

[…]

The bad news: The industry has a variety of data breach prevention worries. Healthcare providers have a lot of catching up to do with other sectors, such as finance and manufacturing, not only in detecting and stopping leaks in their networks in order to protect patients but also in lining up with new compliance mandates, such as the HIPAA omnibus rule.

In breaking down her team’s data breach statistics, Widup said it’s still difficult to determine whether healthcare breaches are on the rise or not. New state and local laws are forcing hospitals to report breaches for the first time, and their new awareness of the security vulnerabilities in patient data is helping hospitals to detect problems that might have gone unnoticed before.

Most threats to healthcare data are still external, the Verizon data seems to indicate, as opposed to the internal threats posed by disgruntled employees or well-meaning workers who aren’t well-versed in privacy policies. While such internal threats still need to be addressed and mitigated, devices such as thumb drives and laptops with unencrypted data seem to be where healthcare providers are getting into the most trouble.

Read more on SearchHealthIT.

 

About the author: Dissent