It’s Time For Healthcare CISOs To Close The Faucet Of Data Loss
By all accounts, we’re approaching a new order of integration between technology and medicine. Real-time medical diagnostic data obtained from our mobile phones will soon be integrated directly into our electronic medical records, where clinicians can use the data to make more accurate (and potentially dynamic) treatment plans. Hospital staff can communicate and react to changing patient conditions faster and with less disruption to the patient experience than ever before, thanks to increasingly integrated mobile messaging systems and other mobile applications (for both the patients and clinical staff).
Applying big data analytics to PHI promises to improve patient outcomes and lead to more efficient (and less costly) patient care. It’s hard not to feel a level of excitement as this convergence of healthcare, mobile technology, and big data progresses at an accelerated rate. However, with all of this new patient data being collected by insurance payers, medical providers, and third-party services, healthcare employee endpoints have become an especially vulnerable source of data loss.
In our recently published brief, “Stolen And Lost Devices Are Putting Personal Healthcare Information At Risk,” we present a number of findings related to healthcare data loss from our latest Forrester surveys as well as those from our data partners. Most notably:
■ Healthcare records are five times as likely to be lost due to device theft/loss.¹ If you’re a CISO at a healthcare organization, endpoint data security must be a top priority in order to close this faucet of sensitive data. Consequences will increasingly go beyond a slap on the wrist in the form of fines, as consumers fight back.
■ Healthcare employees spend significant time working outside of the workplace.² S&R pros charged with protecting their healthcare organization’s PHI can’t assume that this data will stay within the confines of their controlled IT environment. In fact, Forrester data shows that about a third of healthcare employees work outside of the office or clinic at least once a week.
■ More than 41% of healthcare organizations have not deployed endpoint encryption.³ Full-disk and file-level endpoint encryption are two of the most common ways to mitigate the risks associated with device loss. Considering the high percentage of security incidents and breaches caused by device loss/theft in healthcare, one would expect the share of organizations that have deployed endpoint encryption to be much higher.
As healthcare organizations gather and process greater amounts of PHI, data security initiatives become exponentially more important. S&R leaders must work to create awareness and understanding of the associated responsibilities and risks at the highest levels of the organization if they are ever going to stem the tide of data loss in healthcare.
¹ CyberFactors, LLC
² Forrester’s Business Technographics Global Telecom And Mobility Workforce Survey, 2014
³ Forrester’s Forrsights Security Survey, Q2 2013