68 percent of all healthcare data breaches since 2010 are due to device theft or loss, according to the 2014 Healthcare Breach Report from Bitglass. Despite the recent headlines about hacker attacks on hospitals, only 23 percent of healthcare data breaches were a result of cybercriminals compromising networks and exfiltrating data. The findings come from analyzing data on the United States Department of Health and Human Services’ “The Wall of Shame,” a database of breach disclosures required as part of the Health Insurance Portability and Accountability Act (HIPAA).
You’re More Likely to be Robbed Than Hacked
Additionally, California put out a report on data breaches that similarly found 70% of compromised health records since 2012 were due to stolen and lost devices. According to data from Department of Health and Human Services breach records:
– 48% of breaches involved a laptop, desktop, or mobile device.
– 4% of breaches accounted for 80% of total records compromised. Of these mega-breaches of 100k records and above, an above-average 78% of compromised records were the result of loss or theft.
The statistics prove that consumers should be more concerned with ensuring that healthcare providers are securing protected health information (PHI) that resides on laptops, desktops and mobile devices. For healthcare data breach victims, bad credit, lost insurance coverage, mixed-up records, higher premiums, and the stress of dealing with it are just the beginning. If an identity thief changes patient medical information and a physician diagnoses a problem incorrectly, serious medical harm or even death can result.
With PHI breaches, consumers have no such protections. Healthcare organizations, by and large, are not set up to identify illicit records activity and put a stop to it. Healthy patients may not learn about a breach until they have reason to get treatment—probably the worst time to have to deal with such a problem.
Recommendations
Bitglass Is Recommending Two Key Considerations for Healthcare Data Security in Today’s World of Cloud Apps and Mobile Devices
1. Secure Data, not Devices or Networks
By securing sensitive data as it flows down to end-user devices, health care organizations ensure that even if the device is lost or stolen, sensitive data is not compromised. Technologies such as on-the-fly encryption, redaction, DLP and DRM on sensitive data must be dynamically and automatically applied by policy.
2. Make Data Security a User-Friendly Experience
Mobility enables healthcare workers to spend more time on their patients. Any solution that hinders productivity is bound to attract workarounds that defeat security policies. In the same vein, security solutions should be easy to deploy, and maintenance should not be burdensome, as it does not scale easily and can become costly.
For more information about this report, visit http://pages.bitglass.com/pr-2014-healthcare-breach-report.html