News Feature | February 10, 2015

$4.1 Billion Reasons Security Is In The Healthcare Spotlight

By Megan Williams, contributing writer

Avoid Healthcare Security Incidents And PHI Loss

While 2014 might have been a year plagued by security breaches, 2015 is bound to be a year where security in the industry gets new emphasis.

Recent Issues

The fact that breaches in the healthcare industry are on the rise isn’t news, and is also unsurprising, considering patient records can go for $50 each on the black market. A recent report from the HITRUST Alliance (beginning on page 12) outlines some of the highlights of the recent years of data breaches:

  • total breaches: 495
  • total records: 21.12 million
  • total cost: $4.1 billion
  • average size: 42,659 records
  • average cost: $8.27 million
  • average time to identify: 84.78 days
  • average time to notify: 68.31 days
  • most breached organizations: Hospitals/health systems and physician practices accounted for 32 and 28 percent of total breaches. Government institutions (VA hospitals included) accounted for 40 percent.
  • business associates: BAs were listed as implicated in 21 percent of breaches and have accounted for 58 percent of the records breached.

Prevention

Health IT Security has presented three primary ways that breaches like the ones covered above can be addressed before they happen:

  1. Launch new internal and external mobility security services. The types of integrations between mobility platforms and internal systems are growing and allowing for new and cleaner levels of collaboration.
  2. Keep EHR infrastructure locked down. Virtual systems hold multiple benefits. These include:
       • Reduced number of end-points running software with medical information
       • The ability to centralize data and management of the EHR system
       • The ability to deploy specific security policies around repositories

     Some of your clients might want to consider an approach like that taken by the University of Texas Medical Branch (UTMB), which has zero installed instances of EPIC on their systems. That means it takes them only about 10 minutes to patch all 40 of their servers at the same time.
  3. Cut back on cloud and end-point data. The less data that’s stored at endpoints, the lower the risk of loss and theft. Virtual delivery platforms are also now so powerful that entire desktops and applications can be pushed down to lightweight, easy-to-manage end-points that handle no data. That means that a lost laptop can be controlled at the data center level, easing HIPAA and other compliance concerns.

Overall, though, regardless of the technology you’re addressing, the same advice applies: stay proactive, and make sure security policy is understood across your client organizations.