Despite moving to the cloud, health orgs need to keep tabs on data security

Among other steps, automating threat detection and increasing network visibility and control will help organizations lower their vulnerability to attacks.

Jeff Rowe | Feb 26, 2018 12:00 am

Digital security breaches happen less frequently than breaches due to theft of devices such as laptops or paper record theft, but when they do happen many more patients are affected.

That’s the key finding of a recent study published in the American Journal of Managed Care, which found that while healthcare organizations are spending more money upgrading their health IT infrastructure, they aren’t necessarily making necessary digital security upgrades.

“This study's results showed that paper and films were the most frequent mode or location of data breaches,” said report authors. “However, although network servers were among the most infrequent locations of data breaches, breaches of this type impacted the most patients overall.”

Despite the implementation of more sophisticated health IT systems, security breaches are still prominent enough to be a severe threat to healthcare organizations. Hospital type and size played more of a role in cyberattack vulnerability over health IT infrastructure sophistication and security methods, the study found.

Cloud-based data storage and data backup helps protect more data. If firewalls are breached, however, the cloud holds more patient data, leaving a larger surface area vulnerable to data theft.

Consequently, “hospitals should conduct routine audits to allow them to see their vulnerabilities before a breach occurs,” the study advised. “Additionally, information security systems should be implemented concurrently with health information technologies. Improving access control and prioritizing patient privacy will be important steps in minimizing future breaches.”    

In other findings, the report noted that even with sophisticated health information technology (IT) systems in place, security breaches continue to affect hundreds of hospitals and compromise thousands of patients’ data, leading researchers to believe that other hospital factors, such as area characteristics, region, bed size, health system membership, hospital type, hospital governance, and market concentration, may play a vital role in breach risk.

Moreover, the results showed that of all types of healthcare providers, hospitals accounted for approximately one-third of all data breaches and hospital breaches affected the largest number of individuals.