
Why Are Healthcare Breaches on the Rise? (Part 2)

August 29, 2014

In my last blog post, I discussed how the visibility of electronic healthcare records (EHR), and the lucrative financial gain attackers can realize by stealing those records, has led to an increase in healthcare breaches. In this post I will explain why securing the records can be challenging, and what needs to be done in the industry to protect patients’ information.

The Difficulty of Securing Healthcare Records

Securing healthcare records can be a daunting task. Healthcare records contain a great deal of unstructured clinical data, and protected health information (PHI) is more difficult to identify than an account number or social security number. In addition, the data flows across an entire healthcare ecosystem: from the doctors and nurses providing direct patient care, to the labs performing analysis, to back-office billing and insurance claims, to business associates providing their services. There is also great demand for the use of iPads and tablets as part of patient care, and securing patient data on these devices is a unique challenge. In many hospitals the doctors are not employees but rather contract with the hospital, making it more difficult to implement a ubiquitous solution.

What Needs To Be Done?

Healthcare association administrators must understand that part of quality care involves protecting patient health information. They need to invest in their security organization’s staff and their security programs to protect the information. Healthcare security professionals are amongst the lowest paid in the profession. Healthcare CISOs must be placed high enough in the organization that they can influence operations and assist the management team in making informed decisions regarding healthcare data security. Healthcare entities and business associates need to have three key building blocks for security:

  1. Create a security strategy that aligns the security program with the healthcare culture and goals.
  2. Understand the real threats to the healthcare systems and patient data by reviewing the threat landscape that is impacting the safety of patients and their sensitive information.
  3. Take a holistic approach to security. Don’t allow the security program to be sidetracked by media reports. The security program should always have the strategic goals in mind and should be adjusted as needed for changing threats and business conditions.

Organizations should start by understanding their goals for growth, new markets and culture. Then, they need to review the real threats facing the organization with a risk assessment and risk analysis to meet the requirements of the HIPAA Security Rule, 45 CFR 164.308(a)(1). Finally, organizations should use the analysis as a foundation for the current maturity of their program and to guide the strategy implementation.

Once a CISO is able to speak to the healthcare administration staff with information that relates directly to their goals and culture, they will be much more successful.
