Following the biggest data breach yet this year, with the patient records of over 80 million Americans exposed at Anthem, the healthcare industry's reputation for data security is at an all-time low. Throughout last year there were issues with insider threats, from malicious to accidental. On top of this, there are now reports that email was used to get into the Anthem network and steal all that data.
The stolen data was not encrypted, and the hacking started from employees' email accounts.
This is not the first such incident, although it is the one most covered by the media; there were many, many times last year when laptops were stolen or former employees accessed the network to steal sensitive patient-related information. Many states have already seen this and are saying that “enough is enough!” The push for better data security, such as encryption, is now close to being considered law for organizations that deal with customers' personally identifiable information.
Many healthcare organizations have performed security and compliance training; however, with a failure rate of over 70 percent according to a 2011 report on IT security best practices, human error remains more than possible despite security technologies.
Isn’t it time to make sure that data is secured no matter what?
Although, judging by the headlines, retail and finance have dominated data breaches due to the large numbers of records exposed, healthcare seems to take the lead in how common those breaches are. To be more exact, the healthcare industry accounted for 43% of all major breaches in 2014, according to the Ponemon Institute.
Within healthcare organizations, a whopping 93% of information held requires protection, according to EMC’s The Digital Universe report. The data includes claims requests, PHI, and medical records. Yet only 57% of this information is “somewhat protected,” while 43% is inadequately safeguarded, the report found. Somewhat protected, inadequately safeguarded?
The best way to ensure that data is secure is to make sure it is DRM protected. Fasoo Enterprise DRM (Digital Rights Management) protects the data itself to provide a more secure work environment. Meeting compliance requirements and regulations is one thing, but ultimately protecting data and protecting patient health information should be the 2015 goal for the whole healthcare industry.
Photo Credit: Daniel Lobo