Data security still a risky business

Barely half of health organizations do formal assessments
By Mike Miliard
10:34 AM

A new poll from the Ponemon Institute has found that security preparedness is still sorely lacking across healthcare – a fact that could leave unsuspecting organizations "blindsided" by breaches.

The survey, conducted in partnership with Tripwire, asked 1,320 IT security professionals in healthcare and beyond about their privacy protections.

It found that, even as HIPAA fines have grown in size and frequency – including whopping sanctions against Affinity Health Plan ($1.2 million) and WellPoint ($1.7 million) this year – healthcare still lags far behind other industries when it comes to conducting risk assessments and implementing security controls.

[See also: security risks laid bare.]

"I've found (healthcare's) actually perhaps the most far behind in terms of security," said Avi Rubin, director of the health and medical security lab at John Hopkins' Institute of Security, testifying at a Nov. 19 House hearing on the security flaws of "I think that the healthcare IT industry needs to learn a lot from the other industries in order to bring their security up to par," he told lawmakers. 
"It is true that healthcare organizations rank better than average in some areas of this survey, but there is still a lot of room for improvement," said Dwayne Melancon, chief technology officer for Tripwire, in a press release. 

Not only do just half of organizations (52 percent) conduct formal risk assessments, but "they are also far less open to challenging current assumptions," he added. "Both of these factors could cause them to be blindsided by the increasing number of cybersecurity threats to their businesses."

Among other findings of the report, 70 percent of respondents say communicating the state of security risk to senior executives isn't effective, since communications are contained in one department or line of business. Also, just 58 percent have fully or partially deployed change control and security configuration management.

Access the full report here.

[See also: At $1.2M, photocopy breach proves costly]

Associate Editor Erin McCann contributed to this story. 

More regional news

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.