Data Security Plans on the Rise in Health Care Industry, Other Sectors
September 29, 2014 in News
Organizations, including those in the health care industry, have made progress in the adoption of data security plans, according to a new report from the Ponemon Institute, Crain’s New York Business/Modern Healthcare reports (Crain’s New York Business/Modern Healthcare, 9/26).
Last month, the FBI issued a warning that the number of cyberattacks against health care organizations is rising. The alert came days after Community Health Systems announced that an external group of hackers attacked its computer network and stole the non-medical data of 4.5 million patients, which was the second largest HIPAA breach ever reported and the largest hacking-related HIPAA data breach ever reported (iHealthBeat, 8/21).
According to HHS data, about 30.1 million people have been affected by the 944 recorded major health data breaches since federal reporting requirements under the 2009 economic stimulus package went into effect (iHealthBeat, 8/20).
For the report, researchers surveyed 567 U.S. executives from various industries on how well they believe their companies are positioned to respond to a potential data breach.
Specifically, 13% of the respondents were from the health care and pharmaceutical industries (Ponemon Institute report, September 2014).
The report found that:
- 73% of respondents said their organizations had a data breach response plan, up from 61% in 2013 (Crain’s New York Business/Modern Healthcare, 9/26); and
- 43% of respondents said their organizations had experienced a data breach in the past two years, up from 33% in 2013.
However, only 30% of respondents said their organization was “very effective” or “effective” in developing and executing a data breach response plan. A majority of respondents said their plans could be made more effective by:
- Assigning individuals with significant expertise in security to the team;
- Conducting more data breach response “fire drills”;
- Having a budget dedicated to data breach preparedness; and
- Increasing participation and oversight from senior executives (Ponemon Institute report, September 2014).
Ponemon Chair Larry Ponemon recommended that organizations:
- Conduct data breach readiness testing;
- Have their data breach response plans vetted by individuals outside the organization; and
- Involve their board of directors in security planning (Crain’s New York Business/Modern Healthcare, 9/26).