It’s not good to be in Healthcare IT these days, judging by the latest data. With over 3 million records put at risk by both insiders and external attacks in Q2, healthcare orgs need to be vigilant.
The Q2 2018 Breach Barometer report from Protenus paints a bleak picture for the security of health data. If you’re in healthcare, you should be concerned.
What’s worse is that about 30 percent of those breaches were caused by repeat offenders from within the organizations. This highlights a continuing issue facing the sector: risk accumulates over time when proper education and reporting do not happen.
Some of the Q2 2018 findings include:
- 142 data breaches (up 29% over Q1)
- 3.1 million records exposed (up from 1.1 million in Q1)
- Healthcare worker-related breaches up 272%
To make this worse, nearly 30% of healthcare organizations experienced more than one data breach. According to the Protenus report, organizations that do not detect and mitigate the first breach have a greater than 30% chance of having another breach within 3 months, and a 66% chance within 12 months. In other words, if the organization isn’t educating users on appropriate use, monitoring for policy violations, and addressing breaches – even minor ones – the odds are the problem will only compound. Additionally, the problem is exacerbated by insider infractions – 9 out of every 1000 employees breach patient privacy, mostly snooping around the records of family members.
So, why is Healthcare seeing so many data breaches?
There are two issues found within the Protenus data:
- Not enough staffing – on average, only 1 investigator is assigned to 4000 EHR (electronic health record) users across 2.5 organizations, making it nearly impossible for healthcare organizations to stay on top of monitoring user behavior.
- The complete lack of a security culture – The snooping and repeat breaches clearly demonstrate that users have not been educated about, or given a sense of responsibility for, preserving corporate security. In fact, 78% of healthcare organizations have inadequate data privacy and security awareness training in place.
Increasing the number of investigators may be tough – some organizations rely on third-party investigation services, which makes it cost-ineffective to have someone full-time monitoring user activity. What healthcare organizations need to do is focus on the part of the problem they can definitely address – the security culture. By establishing Security Awareness Training, healthcare organizations can communicate their expectations of users around data security, snooping, and interaction with email and the web (both entry points for external attacks). By doing this, they can reduce the likelihood of successful malware attacks used to gain access to the network, insider threats, and inquisitive workers looking to take a peek at a patient’s records.
Free Phishing Security Test
Did you know the average Phish-prone™ percentage in the healthcare industry is 28%? Find out how you compare.
Healthcare records are a big target for cybercriminals because these records include valuable personal, medical, and financial information. We help you train your employees to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks. Take the first step now. Find out how many of your users will click and see how you compare to your industry peers.