Almost half of US healthcare organizations breached in the past year
A new report from information security specialist Thales e-Security reveals that 48 percent of US healthcare organizations reported getting breached in the last year, more than 2.5 times the rate from two years ago.
In addition 56 percent report feeling either 'very' or 'extremely' vulnerable to data breaches. More than three-quarters (77 percent) reported at least one breach at some time in the past. This is the highest percentage among all US vertical industries polled in this year’s report.
The healthcare industry has been turning its attention towards embracing technologies, including cloud, big data, the IoT and containers in order to better create and manage data, as well as store critical information more efficiently.
Almost all (95 percent) of global respondents to the study report using these technologies with sensitive data. With each new technology though comes unique data security challenges that must be addressed, as they increase the attack surface available.
All US respondents surveyed say they are using cloud technologies, with 63 percent using three or more cloud vendors for infrastructure (IaaS). Plus 58 percent of US respondents are using more than 50 cloud based software applications (SaaS), and 52 percent are using three or more cloud based platform (PaaS) environments.
Almost all (96 percent) of US respondents are using big data, while 90 percent are working on or using mobile payments, and 92 percent have a blockchain project implemented or are in the process of implementing one. 92 percent have IoT devices, which may include internet-connected heart-rate monitors, implantable defibrillators and insulin pumps.
As a result, these organizations have emerged as a prime target for hackers, putting valuable medical data at risk. While a stolen credit card has a time-limited value, PHI and electronic medical records are packed with data that can, and does, fetch hundreds of dollars per record on dark web markets.
Encryption is the top choice for complying with privacy regulations. But while the federal sector (77 percent), financial services (88 percent), and retail industries (89 percent) recognize encryption as the first or second most effective data security tool, healthcare in the US has the highest percentage of respondents planning to increase spending for endpoint and mobile device security (62 percent versus 57 percent globally), despite ranking them least effective in preventing data breaches.
"When it comes to data security, the US healthcare industry is increasingly under duress, which is why some of this year's findings are so counterintuitive," says Peter Galvin, chief strategy officer, at Thales e-Security. "For example, 62 percent of US respondents are investing money in endpoint security, even though it's rated least effective at protecting data. An alarmingly high number of US respondents (39 percent) also report storing sensitive data in SaaS apps. Data protection strategies need to match US healthcare's reality -- which is that of an industry embracing digitally transformative technologies -- in the form of encryption solutions offering protection to sensitive data that has moved beyond the traditional four walls of the healthcare environment."
You can read more about the report's findings on the Thales blog.