Forrester Criticizes Healthcare For Not Going Beyond Compliance

By: Arieanna Schweber | 12/2/2015

As was predicted nearly a year ago, 2015 has been the year of the data breach. And yet, the reality is that there haven’t necessarily been more data breaches in 2015 than in 2014 (statistics show breaches nearly on par between 2015 and 2014), but that the breaches have been larger than ever before. Such large data breaches have created a culture of fear, affecting consumers and organizations alike.

In 2014, there were 761 data breaches exposing over 83 million records; in 2015, there have been 690 data breaches so far, affecting over 176 million records. Before the year is even out, that represents a growth of over 211% in the number of records breached. Healthcare, as expected, has experienced much of the fallout from data breaches this year. While the number of healthcare data breaches has gone down, their size has gone up significantly, with healthcare accounting for 68% of all breached records.

According to a new report from Forrester, the size of data breaches has left customers, citizens and patients alike worried about financial and medical identity theft. When it comes to protecting data, the report calls out the healthcare industry for being underprepared. Forrester analyst Stephanie Balaouras notes:

“They've done it begrudgingly and they've done it as something that they need to comply with at the lowest possible cost, as opposed to something they really embrace.

The focus, to date, has really been more on achieving HIPAA compliance rather than overall privacy.”

The fallacy that compliance equals protection is one that many organizations fall for. Compliance merely offers a baseline standard that we all need to have in place; it is not a measure of security preparedness. One-size-fits-all standards such as HIPAA should not be treated as comprehensive guidelines, but rather as a jumping-off point for a layered approach based on individual risk requirements.

In our whitepaper, Best Practices for Healthcare Data Breach Prevention, we discuss many specific ways you can achieve data protection and move beyond compliance, including policy, process and layered-technology defences. As part of your preparedness, we provide Absolute DDS for Healthcare, a comprehensive onboarding program which pairs the highest level of endpoint security with expert forensic support to respond to and contain security incidents. The Forrester brief suggests that behavioural analytics to identify suspicious behaviour be a part of every security plan, and we agree. With Absolute DDS, you can set policy-based actions to identify suspicious changes to software, hardware or user behaviour, with automated actions to ensure that data on the endpoint is protected. Learn more at