Monday, April 01, 2013
Exposed healthcare data highly valuable for many organizations, expert notes
Data breaches in the healthcare industry occur with alarming frequency. For the past few years, it seems that hardly a month goes by without a hospital, medical center or other care provider reporting that patient data has been potentially exposed as the result of carelessness.
According to David Gibson, vice president at a data governance firm, data exposed in these incidents has become a highly valuable commodity for many firms, Infosecurity Magazine reported. Consequently, it is imperative for healthcare organizations to develop strategies and leverage secure file sharing tools to minimize the risk of becoming victims of these incidents.
"Data attacks are increasingly being carried out to gain access to information, which can then be used - and re-used again and again - sometimes even for marketing purposes," Gibson explained to the news source. "The irony of this situation is that, although the initial breach is carried out by people operating on the wrong side of the law, once the data is passed along - usually generating money in the process - the recipients are usually unaware of its origins."
He explained that while an organization may be suspicious of a database containing a great deal of personal information, data thieves can obscure or alter these collections to make them appear legitimate, at which point they can be sold to various companies. This personal data can be replicated and resold many times, and the individuals affected have no means of knowing that this has occurred.
The value inherent to this healthcare data is a powerful motivating factor for many cybercriminals, leading to a large number of widely reported breaches in this industry. One of the more notable of these occurred in Utah in March of last year. In this incident, hackers gained access to a server at the Utah Department of Health and acquired Social Security numbers from as many as 280,000 people and less sensitive data for up to 500,000 more.
However, it is important to note that many of the data breaches affecting the healthcare industry are not the result of concerted efforts by criminals, but rather the result of oversights or mistakes by physicians and other personnel.
This is particularly true now that healthcare institutions are increasingly implementing bring-your-own-device (BYOD) policies which allow staff members to use their personal smartphones and tablets to access patients' electronic health records (EHRs). Allowing physicians this level of flexibility can increase productivity and response times, but users will often utilize less-than-acceptable security standards on these devices, or no data protection software at all.
That is why it is essential for healthcare organizations to invest in sophisticated secure file sharing tools that can be easily installed and used by employees. It is critical that the solutions selected work on any device and operating system and do not require sophisticated, time-consuming actions on the part of workers as they access or send files.