See Also - Test March.14

By Healthcare IT News
10:35 PM

In the realm of privacy and security, watching for snooping employees and encrypting portable devices aren’t enough in healthcare these days. Criminal attacks on hospitals are on a huge upward trend, with a reported increase of a whopping 100 percent from just four years ago. That’s according to a new Ponemon Institute study released today.

And business associates who are not yet compliant with HIPAA, along with employees given the green light to use their unsecured devices, certainly aren’t helping data security, say Ponemon officials.

The news isn’t all bad, however. Data breaches have actually slightly declined in recent years, but are still costing the industry a pretty penny, $5.6 billion annually to be exact. Ninety percent of survey respondents reported at least one data breach over the past two years, while 38 percent have had more than five data breaches in the same time period, findings show.

"Employee negligence, such as a lost laptop, continues to be at the root of most data breaches in this study. However, the latest trend we are seeing is the uptick in criminal attacks on hospitals, which have increased a staggering 100 percent since the first study four years ago," said Larry Ponemon, chairman and founder, Ponemon Institute, in a March 12 press statement. "The combination of insider-outsider threats presents a multi-level challenge, and healthcare organizations are lacking the resources to address this reality."

Some 75 percent of healthcare organizations cited employee negligence as the top security concern, as employees increase the exposure of sensitive data through the growing use of their personal unsecured devices. Bring-your-own-device policies, officials say, also present a new risk, as personal devices have become harder to manage, control and secure.

In fact, 88 percent of organizations permit employees and medical staff to use their own mobile devices to connect to their organization's networks or enterprise systems such as email, with access to patient information. Similar to last year’s study, more than half of organizations are not confident that the personally owned mobile devices are secure. Yet, 38 percent of organizations don’t take steps to ensure these devices are secure or prevent them from accessing sensitive information.

Report findings also underscore healthcare organizations' growing distrust in their business associates relating to protecting patients' health information. Some 73 percent of organizations are not confident or only slightly confident that their third parties are able to detect a security incident, perform an incident risk assessment and notify them in the event of a data breach. According to those surveyed, the business associates who present the greatest risks to patient information are IT service providers, claims processors and benefits management.
