Healthcare organizations boost spending on cyber security

Faced with increased requirements to digitize their records, healthcare organizations around the world are boosting their cyber security budgets according to a new report.

The study from Thales e-Security finds 81 percent of US healthcare organizations and 76 percent of those globally will increase information security spending in 2017.

In the US, government regulations such as the HITECH Act's Electronic Patient Care Reporting (ePCR) requirements are driving healthcare organizations to digitize their data. While this creates efficiency, it means individual healthcare data is exposed to more people, in more places and on more devices, including smartphones, laptops and increasingly, IoT devices.

The industry is employing other technologies too, 60 percent of US healthcare respondents report their organizations aree deploying to cloud, big data, and IoT or container environments without adequate data security controls. The healthcare industry is also adopting some of these technologies for sensitive data use wholesale, with 69 percent of US respondents using SaaS, 59 percent big data, 46 percent mobile and 35 percent IoT environments.

Compliance requirements are also driving data security decision-making in US healthcare, with 57 percent of respondents listing it as their top spending driver. Globally though compliance ranks much lower, with the top two motivations for security spending listed as 'preventing data breaches' (39 percent) and 'protecting reputation and brand' (also 39 percent).

Encryption is emerging as the technology of choice for protecting data, with 65 percent of US respondents and 58 percent of global respondents opting to encrypt data in the public cloud. The survey yields similar numbers for IoT data (59 percent US, 58 percent global) and container data (58 percent US, 60 percent global).

Network and endpoint security remains the main focus though. Network security is the top choice for US healthcare companies (69 percent), compared to 53 percent of global respondents. endpoint security, on 61 percent, is close behind.

"Globally and in the US, healthcare companies are under pressure. In Europe, we see data sovereignty’s impact on security decision-making," Peter Galvin, VP of strategy at Thales e-Security says. "In the US, digital innovation is transforming the way patient information is created, shared or stored. For healthcare data to remain safe from cyber exploitation, encryption strategies need to move beyond laptops and desktops to reflect a world of internet-connected heart-rate monitors, implantable defibrillators and insulin pumps. Adhering to the security status quo will create vulnerabilities that lead to breaches, and further erode customer trust."

You can find out more and access the full 2017 Data Threat Report on the Thales blog.

Image Credit: sweetjinkz / Shutterstock