The State of Healthcare Security Breaches

Security breaches in are, no doubt, terrible for business owners. But when dealing with the healthcare sector, these breaches intensify in their potential for causing humiliating, or potentially, dangerous ramifications.

In 2010, 42,275 people were affected by stolen, paper healthcare records, encouraging hospitals to make the switch to electronic health records. Still, industry experts say that electronic health records are still at risk from security breaches if they aren’t handled with care. Kroll Advisory Solutions found that the frequency of healthcare data breaches has increased steadily over the past six years, and the main cause is a lack of training and awareness among staff.

“Human error by employees was a major factor in health breaches, according to respondents [in the 2012 Kroll/HIMSS Analytics Report]. Of the respondents, 79% said security breaches were initiated by an employee, and 56% said breaches occurred because employees had unauthorized access to information.” – Brian T. Horowitz, health writer at eWeek.

"Any server or other data warehouse with patient health information must be securely protected. The expanded use of mobile devices offers new operational efficiencies and increased vulnerabilities. Security steps for mobile devices should be included in the action plans so that guidelines are set.” – Lisa Gallagher, senior directory of privacy and security for HIMSS.

“Another significant takeaway [from the 2012 Kroll/HIMSS Analytics Report] is that mobile devices might be great for giving clinicians information at the point of care – but they're not so good at keeping PHI safe. Nearly a third (31%) of respondents indicated that information available on a portable device was among the factors most likely to cause a breach (up from 2%  in 2010 and 4% in 2008).” – Mike Millard, managing editor at Healthcare IT News.

“As healthcare organizations turn to sources like the cloud and like remote computing, one of the things I think that every healthcare organization should do is to look across its suite of applications, is for those they are not hosting, that are not running on a remote server, that are running in the cloud if you will. They should be asking the questions like, what logs are there, what security features are there, what record keeping is turned on? As we move toward portability of electronic medical records, as we move toward new and evolving systems of payment, you can be certain that the risk factors are going to change. So, I think the key is continual vigilance; you can never get to the point of saying it’s good enough. Because the best you can is say it is good enough right now, today, under the circumstances in which we find ourselves.” – Alan Brill, senior managing director at Kroll Inc.

Security breaches in the healthcare industry might be inevitable. But with employee training, awareness and advanced data encryption on devices, healthcare professionals stand a better chance at preventing their patients from turning into victims.

Sylvia Rosen is an online writer who writes on a variety of security topics, trends and tools such as document management systems