Healthcare News & Insights

Top threats to data security in hospitals

If you think you’re seeing more healthcare-related data breaches in the news lately, it’s not just in your head. Hospitals and other healthcare providers have become popular targets for hackers and cybercriminals. But there’s good news: Healthcare IT pros are on top of the issue. 

ThinkstockPhotos-505594688Recently, Vormetric, a data security firm, put out a healthcare edition of its annual data threat report, where it analyzed the results of a survey of senior IT security executives in health care.

According to a news release, of those who responded, nearly all (96%) feel vulnerable to data threats. Many directly cited cybercriminal activity as a top concern for their organization.

And this isn’t just because of the media hype surrounding ransomware attacks and security breaches at other facilities. Sixty-three percent of these executives have experienced a data breach of their own in the past. Almost 20% had to deal with a breach in the last year.

Biggest challenges

Although breaches are becoming more common, hospitals aren’t able to budget as much money as they’d like to prevent these issues. Reason: Meeting compliance requirements is a bigger budget concern – it’s the top security spending priority for 61% of execs.

Between federal mandates to improve use of electronic health records (EHR) systems and provide stronger protections for patients’ protected health information (PHI), healthcare IT pros have a lot on their plates regarding compliance. So it’s not surprising that adhering to these guidelines is the biggest concern in IT.

But, 69% of healthcare IT executives believe that meeting these requirements is a very or extremely effective way to protect PHI and other sensitive data. Since hackers are becoming more sophisticated, that’s not always the case. Even a hospital that’s compliant with all HIPAA guidelines for data protection can fall victim to outside threats – especially if employees aren’t following best practices for data security.

Besides budgetary concerns, another significant barrier to implementing better data security in hospitals is a perception of complexity. Over half (54%) of healthcare IT executives cited this as an issue, likely due to the issues past systems had with usability. Other problems include a lack of staff to manage systems (38%) and lack of organizational buy-in (33%).

Cloud security

However, even with the challenges they’re facing, 60% of IT executives do plan to increase their spending to offset any data threats, and 46% will increase their budget for data-at-rest defenses for their systems this year.

Some of this spending may go to shoring up security for data being stored on devices connected to the Internet of Things (IoT). Security for both IoT devices and cloud storage is a hot button for hospitals, since developments in these areas are changing how facilities use everything from EHRs to insulin pumps.

Nearly 40% of healthcare organizations will be storing sensitive data in IoT environments – and their top concerns are how to prevent privacy violations related to IoT data (37%) and protect this data (36%).

Many healthcare IT pros will also be storing data in various cloud-based environments, including Software as a Service (SaaS, 48%), Infrastructure as a Service (IaaS, 52%) and Platform as a Service (PaaS, 52%). Their top concerns with these cloud environments were:

  • privileged user abuse at the cloud provider level (74%)
  • meeting compliance requirements (72%), and
  • security breaches at the cloud provider level (69%).

Hospitals and other healthcare providers would be more willing to use cloud storage services for PHI and other sensitive data if providers encrypted the data and allowed them to maintain local control over keys to access it – 48% of respondents agreed with this sentiment.

High-tech ways to protect data

From these results, it’s clear: Data security is a complex issue that goes beyond compliance. Healthcare executives must work closely with IT to come up with a strategy that takes the latest threats into account. Many of your peers are planning to use high-tech security tools to protect patient data, including:

  • cloud security gateways (39%)
  • security event and information management (SIEM) systems (36%)
  • tokenization (35%), and
  • data access monitoring (34%).

You may find it helpful to discuss these options with the top brass in your IT department to see if any are feasible for your hospital. Adding extra layers of security like this makes it difficult for hackers to break into your systems, and can mitigate some of the effects of human error on your data security.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.