What You Should Know:
– A new report by Metomic, a data security company, reveals concerning vulnerabilities in how healthcare organizations handle sensitive data.
– The report, titled “Healthcare Data Crisis – Uncovering the Alarming Gaps in Data Security and Compliance,” highlights the prevalence of insecure file-sharing practices that put patient information at risk.
Key Findings:
- Exposed PII: A staggering 25% of publicly shared files contain Personally Identifiable Information (PII) like names, addresses, and social security numbers.
- Uncontrolled Access: Even private files often lack proper access controls.
- 68% of private files shared externally (outside the organization) contain PII.
- An even higher percentage (77%) of private files shared internally contain PII.
- Stale Data Permissions: Many healthcare organizations fail to update or remove access permissions for private files. This means people retain access to sensitive data long after they need it, creating a significant security risk.
Consequences of Insecure Practices:
- Data Breaches: The healthcare industry experiences a rising number of data breaches, with 2023 seeing a record number of exposed records (over 133 million).
- Financial Impact: Ransomware attacks, like the one on Change Healthcare, can disrupt operations and incur substantial costs (UnitedHealth estimates $1.35-$1.6 billion).
- Compliance Issues: Lax data security practices can lead to violations of HIPAA and GDPR regulations.
Beyond PII: Financial Data at Risk
The report also identified Payment Card Industry (PCI) data, such as credit card numbers, being stored in insecure files. While the percentage (1% of public files) may seem small, it represents a significant vulnerability for financial information.
Taking Action:
Healthcare organizations must prioritize data security to protect patient information and comply with regulations. Metomic’s report offers valuable insights and suggests best practices for data loss prevention (DLP) to mitigate risks.
“The healthcare industry is plagued by rampant data breaches that are costing organizations millions of dollars and putting highly sensitive patient data and financial information at risk. After digging into these findings, it’s clear that healthcare security leaders need more resources, DLP solutions, and data security tools to overcome the vast number of data security challenges they face day-to-day,” said Rich Vibert, co-founder and CEO, Metomic. “Healthcare organizations need data security and DLP platforms that not only help protect highly sensitive information, but also provide tools to ensure employees are not inadvertently sharing data or giving access to files that put the organization at risk. Metomic is designed for this exact need—we enable security teams to see where sensitive data is being stored and shared, and who has access to it. These data security tools are a must-have for today’s healthcare providers. It’s the only way to stop a data leak before it turns into a massive problem that could potentially put a healthcare organization out of business.”