Healthcare News & Insights

Organizations struggle to find and fix data breaches

Of course, health IT pros would like to block every cyber security attack leveled against their organizations, but even the most optimistic know that’s not possible. That’s why detecting and quickly responding to data breaches is critical for lowering the damages of security incidents. 

computer-security-2The longer a breach goes undetected, the more costly it becomes. Hackers can continue taking sensitive data, and in some cases may even use it for fraud before the organization knows it’s been stolen.

However, many organizations aren’t doing a great job of discovering breaches to their network security, according to a recent study from security vendor McAfee.

Among the 500 companies surveyed, many are confident in their ability to find and respond to data breaches, with three-quarters saying they are able to assess their security in real time. In addition, 35% said they would be able to spot a hypothetical data breach within minutes, and on average, the organizations said they would need 10 hours to detect a breach.

But in the real world, things have not been so easy. More than half (58%) of the companies surveyed had suffered a data breach in the past year. Among those, just 24% discovered it within minutes, and only 14% were able to find the source of the attack in that time frame.

On average, the actual time it took to discover a data breach was 19 hours. And many serious attacks take even longer. For example, a recent study from Verizon found that some breaches last for months or even years.

Get better monitoring

Getting better at detecting and responding to breaches can go a long way to protect sensitive health data.

The best way to improve: Start looking. Many organizations don’t discover breaches because they aren’t actively looking for them. Experts recommend IT departments monitor logs and network traffic to find suspicious activity or data being sent to unknown places.

Organizations can use technology to automate that monitoring. But once that technology is implemented, it’s important that it’s used properly.

Best bet: Choose the most likely entry points attackers might use to get to sensitive data and monitor those connections.

Also, different monitoring tools should be integrated into a single system. Many organizations make the mistake of different teams having responsibility for the security of their own sectors, and not having that data correlated could cause delays in detecting breaches.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.