The Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data by the Ponemon Institute, on behalf of ID Experts, shows the continued targeting of healthcare organizations, due in large part to the high value of healthcare data. While cyberattacks increasingly target healthcare organizations, the flip side is that insider negligence continues to open up opportunities for both cyber attacks and data loss from more traditional methods.
In the past 2 years, 90% of healthcare organizations represented in the study had a data breach, with 45% of those having more than 5 breaches in the same time period. The number of healthcare organizations suffering repeat data breaches is on the rise. Estimates suggest that healthcare data breaches cost the industry $6.2 billion, up from the estimated $6 billion in the previous year. As noted on the Ponemon blog:
"Healthcare organizations and their business associates are a community of organizations that share vulnerable patient data—a community that provides a larger attack surface, and many points of access, for criminals who are becoming more adept at acquiring and exploiting personal information."
Key takeaways from the study:
Although cyber attacks are often credited as the “cause” of a data breach, in reality, they are only the final broken link in a chain of weaknesses that were exploited. Unpatched systems and devices, lost or stolen devices, phishing & malware, insecure passwords, use of public WiFi, unsanctioned cloud use, poor data access and use controls (and so much more) continue to open the doors for cyber criminals to pursue their final attack. With insider threats currently accounting for half of data breaches, it’s likely that, if you dug further, an even greater percentage of cyber attacks would trace back to insiders.
Right now, half of all healthcare organizations have little or no confidence they can even detect the theft or loss of data, let alone prevent it. With the continued shift to electronic health information, and the growing attack surface introduced by the cloud, mobile use and even the Internet of Things, we’re going to continue to see healthcare organizations suffer data breaches at this magnitude.
At Absolute, it’s our goal to streamline the protection of healthcare data, no matter where it lives. Absolute DDS for Healthcare provides valuable insight into all of your endpoints and the data they contain, so you can have accurate information on your fleet of devices, as well as the information they contain, with alerts for events and activities that could be precursors to a security incident.
With Absolute DDS, you can help shine a light on dark data on the endpoint, helping you address the ever-prevalent insider threat, prevent or respond to data breaches, and prove compliance if needed. Absolute DDS for Healthcare is a comprehensive on boarding program which pairs our highest level of endpoint security with expert forensic support to respond to and contain security incidents. Learn more at Absolute.com