Data security still a risky business
November 21, 2013 in Medical Technology
A new poll from the Ponemon Institute has found that security preparedness is still sorely lacking across healthcare – a fact that could leave unsuspecting organizations “blindsided” by breaches.
The survey, conducted in partnership with Tripwire, asked 1,320 IT security professionals in healthcare and beyond about their privacy protections.
It found that, even as HIPAA fines have grown in size and frequency – including whopping sanctions against Affinity Health Plan ($1.2 million) and WellPoint ($1.7 million) this year – healthcare still lags far behind other industries when it comes to conducting risk assessments and implementing security controls.
[See also: HealthCare.gov security risks laid bare.]
“I’ve found (healthcare’s) actually perhaps the most far behind in terms of security,” said Avi Rubin, director of the health and medical security lab at John Hopkins’ Institute of Security, testifying at a Nov. 19 House hearing on the security flaws of HealthCare.gov. “I think that the healthcare IT industry needs to learn a lot from the other industries in order to bring their security up to par,” he told lawmakers.
“It is true that healthcare organizations rank better than average in some areas of this survey, but there is still a lot of room for improvement,” said Dwayne Melancon, chief technology officer for Tripwire, in a press release.
Not only do just half of organizations (52 percent) conduct formal risk assessments, but “they are also far less open to challenging current assumptions,” he added. “Both of these factors could cause them to be blindsided by the increasing number of cybersecurity threats to their businesses.”
Among other findings of the report, 70 percent of respondents say communicating the state of security risk to senior executives isn’t effective, since communications are contained in one department or line of business. Also, just 58 percent have fully or partially deployed change control and security configuration management.
Access the full report here.
[See also: At $1.2M, photocopy breach proves costly]
Associate Editor Erin McCann contributed to this story.