Healthcare Industry Lags in Security

By: Absolute Team | 10/4/2011

The Health Research Institute at PwC has released a new report on the health care information landscape entitled "Old data learns new tricks: Managing patient privacy and security on a new data-sharing playground." As is probably not surprising, a breach of protected health information (PHI) occurred, on average, every other day in the last year and a half.

The report shows that health organizations are not equipped to deal with the increased demand for electronic health information, mobile technology or with the increased collaboration between health organizations and their partners. With security and privacy controls lagging behind, the report shows a dire security situation:

  • 66% of total reported health data breaches in the past 2 years were the result of theft
  • 36% of health providers have confirmed that patients have attempted to seek services under false identification (medical identity theft)
  • 55% of health organizations have not addressed privacy and security issues on mobile devices
  • 40% of health providers report an incident of improper internal use of protectedhealth information (including transfer of files to unauthorized parties)
  • 58% of providers and 41% of health insurers say they include the appropriate use of electronic health records (EHR) as part of employee privacy training

James Koenig, director and co-leader, Health Information Privacy and Security Practice, PwC, notes:

"Most breaches are not the result of IT hackers, but rather reflect the increase in the risks of the knowledgeable insider related to identity theft and simple human error – loss of a computer or device, lack of knowledge or unintended unauthorized disclosure"

On a positive note, the research has indicated that the recent increase in breach enforcement has led health organizations to re-focus on privacy and security. If you are a part of a healthcare organization and would like help on your endpoint security, Absolute would love to help.

Financial Services