Healthcare Security In 2015: 9 Hotspots - InformationWeek

08:36 AM
Alison Diana

Healthcare Security In 2015: 9 Hotspots

With data breaches growing, 2015 promises to be the healthcare industry's most challenging security year yet. These nine areas demand attention in 2015.

Healthcare organizations must tighten security or risk getting breached, penalized, and potentially ostracized by a public fed up with seeming carelessness with their personal information. Unfortunately, the task of securing protected health information (PHI) is only becoming more challenging for even the best-prepared organizations. Fitness bands, hospital portals, electronic health records, health information exchanges, insurance networks -- the list of Internet-connected devices, tools, and sites containing personal and medical data keeps growing.

The healthcare sector has been under attack for some time. In 2014, despite headlines dominated by JPMorgan Chase, Home Depot, and other retail or financial entities, the healthcare industry accounted for 43% of all major breaches, according to the Ponemon Institute.

Even attacks on companies that don't operate within the medical field can have healthcare-related consequences. When Sony Pictures Entertainment was hacked in November, cyberthieves apparently stole more than movies. They reportedly also took more than 25 gigabytes of data on tens of thousands of Sony employees, including medical and salary information, Social Security numbers, and addresses, according to Krebs On Security.

Within healthcare organizations, a whopping 93% of information held requires protection, according to EMC's The Digital Universe report. The data includes claims requests, PHI, and medical records. Yet only 57% of this information is "somewhat protected," while 43% is inadequately safeguarded, the report found. But IT professionals must balance security needs against healthcare professionals' need for fast access to data and applications; extra clicks can make a difference in a patient's life, after all.

"With the continuation of high-profile hacks, IT security, specifically distributed or mobile security, will be a renewed priority for many organizations," David Appelbaum, senior vice president of marketing at Moka5, told InformationWeek. "No one wants to be the next headline, and as the stakes go increasingly higher, the need for enhanced security that does not inhibit end-user productivity is becoming increasingly more of a requirement."

Healthcare organizations have been warned about the consequences of an insecure environment, and the cacophony of cautions grew following the Community Health System breach in August. Still, a frightening number of healthcare providers continue to ignore the alarms from a federal alphabet soup of agencies, including the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the Food and Drug Administration (FDA). Consider:

  • More than 41% of healthcare organizations do not use endpoint encryption, even though approximately one-third of employees work remotely at least once a week, according to Forrester Research.
  • Sixty-eight percent of the industry's breaches since 2010 have occurred because files or devices were stolen, the Bitglass 2014 Healthcare Breach Report determined.
  • Hacker attacks increased 600% in the first 10 months of 2014 versus the prior year, Websense Security Labs' Carl Leonard told TechNewsWorld.

Attackers also are becoming more sophisticated, experts warn. Cybercriminals are seeking more information than ever about their victims to sell, Websense researchers cautioned. "These fuller, richer, personal identity dossiers of individual users, consisting of multiple credit cards, regional and geographic data, personal information and behavior, will be increasingly traded in the same manner that stolen credit cards are today."

Because this information often resides within health systems' databases or networks, hospitals are natural targets and require extraordinary defenses.

With so much cyberdanger to battle, it seems obvious the healthcare industry will face additional crises in 2015. None of the underlying security issues are new, but all are crucial to address. Click through our slideshow to see the nine security hotspots we predict for healthcare in 2015.

Alison Diana is an experienced technology, business and broadband editor and reporter. She has covered topics from artificial intelligence and smart homes to satellites and fiber optic cable, diversity and bullying in the workplace to measuring ROI and customer experience. An ...

User Rank: Author
12/15/2014 | 11:34:22 AM
Re: Ramp up the health care data security program
I wish I could take credit for some incredible foresight, @aws0513 -- but I think ANY time would be right to compile an outlook piece about healthcare security, I'm afraid. While we don't always hear about them in the national press, search online for healthcare breaches and you'll find a guesstimated one a week. That's not a scientific number but I'd love to have the time to compile a list that includes both 500+ and fewer incidents (not on the Hall of Shame).
User Rank: Apprentice
12/12/2014 | 11:46:13 AM
Re: Ramp up the health care data security program
I have been in a number of hospitals that do not secure their data for the simple reason that the "doctors do not want a difficult process". Therefore, management refuses simple items such as complex passwords, remove or isolate aging operating systems, etc... Until management allows security professionals to correct even the most fundamental tenets of security, the security posture will remain the same.
User Rank: Apprentice
12/10/2014 | 3:29:51 PM
Too much information
A good article, but are healthcare providers collecting too much personal information?

I visited my dentist yesterday for a tooth cleaning - I have been a patient for >4 years - yesterday I was presented with a new set of forms - they needed insurance card, driving license, social security number, address, date of birth. The patient records are on display in open filing racks, I don't know who has access to their computers or where the backups are kept or if they shred their old paperwork, but it looked like identity theft waiting to happen.

When did an insurance card or credit card become insufficient for an $80 cleaning?
User Rank: Strategist
12/10/2014 | 10:06:18 AM
Ramp up the health care data security program
Great article Alison.
The timing of this article could not be better...
Yesterday, DHHS issued a $150K sanction against a health care provider for poor security practices, specifically bad patching practices and using outdated/unsupported software.

Google search: Anchorage Community Mental Health Services and DHHS and sanction