News Feature | April 20, 2015

The Danger Of Insider Threats To Your Health IT Clients

By Megan Williams, contributing writer

Security breaches in healthcare are a major issue, but not enough attention is being paid to threats from the inside.

Vormetric, a provider of enterprise data security for physical, virtual, Big Data, public, private, and hybrid cloud environments, released its 2015 Vormetric Insider Threat Report, which examines threats to healthcare security that originate within an organization, as well as threats overall.

Key Statistics

  • Among healthcare IT decision makers, 92 percent reported that their organizations are somewhat or more vulnerable to insider threats.
  • Of those same decision makers, 49 percent felt extremely or very vulnerable to insider threats.
  • “Privileged Users” were named as the most dangerous insiders by 62 percent of respondents, followed by partners with internal access and contractors.

Compliance And Data Breaches

Even with the industry-wide understanding we have of the vulnerability of healthcare data, security is heavily driven by compliance requirements — 54 percent of respondents cited compliance as the top reason they reported sensitive data, and 68 percent rated compliance as very or extremely effective at stopping both insider threats and data breaches.

The survey highlights that compliance regulations move slowly while threats evolve quickly, which makes for a less than ideal security environment in which compliance is not doing the work needed. According to Alan Kessler, CEO of Vormetric, “Healthcare data has become one of the most desirable commodities for sale on black market sites, yet U.S. healthcare organizations are failing to secure that data. An overreliance on compliance requirements and a cursory nod to data protection point to systemic failures that are putting patient data at risk. What’s needed is for healthcare organizations to realize that compliance is not enough, and to implement the controls and policies required to put the security of their data first.”

A Change In Spending

The industry does seem to be responding, though.

While data breach prevention has dominated spending in the past, fulfilling compliance requirements and passing audits are starting to see more financial emphasis.

The survey showed that the largest areas of planned spending were data-at-rest defenses and analysis/correlation tools, at 46 and 45 percent respectively, and fulfilling compliance requirements was cited as a top driver by 39 percent of respondents.

Going Deeper

For insight into balancing security and privacy in a healthcare environment, please read “How To Balance Security And Privacy With Hospital Data