BYOD and Endpoint Security Continue to Put Healthcare Data at Risk

According to the fourth annual Patient Privacy and Data Security report compiled by Ponemon, data breaches in 2013 went down slightly, but the real change comes in the 100% increase (over 2010) in attacks on healthcare systems. Given the rise in the value of healthcare data to criminals, with a $50 street value for medical identities (over $1 for a SSN), it is not surprising that criminals are being attracted to the healthcare industry.

2013 is the first year in the report’s 4-year history that data breaches have not risen, which is a great sign. As in past years, the root of many data breaches continues to be the endpoint:

“Employee negligence, such as a lost laptop, continues to be at the root of most data breaches in this study.” - Dr. Larry Ponemon, chairman and founder, Ponemon Institute.

There are a number of new risks and worries affecting the healthcare industry, such as criminal attacks, employee negligence, unsecured mobile devices, and the unproven security of the new health insurance marketplace created under the Affordable Care Act. The increased use of personal unsecured devices under BYOD continues to present challenges to healthcare organizations, with more than half of the surveyed organizations not feeling confident that BYOD devices are secure.

Key takeaways from the study:

• Data breaches cost healthcare organizations $5.6 billion annually
• 90% of respondents have had 1+ data breaches in the past 2 years
• 38% of respondents have had 5+ data breaches in the past 2 years
• 75% of organizations cite employee negligence as their biggest security worry
• 88% of organizations permit employees and medical staff to use their own mobile devices to connect to their organization’s networks or enterprise systems and access patient data
• 38% of organizations don’t take steps to ensure BYOD devices are secure or to prevent them from accessing sensitive information
• Top threats to healthcare data include: criminal attacks, employee negligence, unsecured mobile devices (smartphones, laptops, and tablets), and third parties

When it comes to managing the risks presented by employee negligence, particularly as it relates to the endpoint, Absolute is here to help. We invite you to preview our healthcare solutions for proven solutions to manage and secure IT endpoints (and the data they contain).