Data Loss and HIPAA Breaches Biggest Fear of Health Professionals

A new report released by CDW indicates the biggest fear of healthcare IT professionals is data loss, and in the case of healthcare, the accompanying HIPAA violation penalty.

It is not only the health industry that worries about data loss. The survey suggests the same fear is shared by IT professionals in all industries. Healthcare, business, finance and higher education sectors had over 50% of respondents listing data loss as their biggest concern. For healthcare providers the data includes Protected Health Information and Social Security numbers, and the consequences of losing that data can be very severe.

Malicious attacks were rated as the biggest fear by 18% of respondents, 14% said evolved forms of current threats were the biggest worry and 13% believed social engineering would be the main problem. Bots and mobile threats were rated at 9% and 8% respectively, and 6% had no idea where the main threat was coming from. Perhaps that is the most worrying statistic of all.

50% of respondents believed customer, student, employee and patient records would be the most likely data to be targeted, with 19% saying credit card theft was the main worry.

The report from CDW doesn’t make for pleasant reading and is enough to send a shiver down the spine of many an IT professional. One in four organizations have reported data loss in the past two years, while email, networks and protected information were also placed in jeopardy.

The survey showed that the majority of organizations – out of the 654 participants in the study – had implemented multi-layered security systems and numerous controls to protect data such as PII and PHI.

35% of respondents rated their security with an A, and over 80% of those organizations said they had installed the following security measures to protect data:

  • Web security filters
  • Encrypted storage
  • Data loss prevention
  • Encrypted backups
  • Encrypted email gateways
  • End point security
  • End point data loss prevention

For the remaining 65% of organizations, which gave their companies a B to an F rating, the same measures were employed in around 65% of cases as a whole. Encryption of email and backups was less likely to be used, while end point loss prevention was employed by only 52% of professionals, perhaps indicating why data loss was keeping so many IT professionals awake at night.

Also enough to give an IT professional a headache is the rapid increase in the number of network users, while budgets often have not increased accordingly. In the last two years, the survey shows the number of people accessing the network has increased by an average of 41%, with 59% of organizations using both staff owned and employee owned phones.

71% of healthcare IT professionals rated their organization’s data security policy as effective, placing healthcare third in the table. First was the financial sector at 91%, with higher education last at 58%.

57% of healthcare providers said their security policies were uniformly deployed for employee and employer-owned mobile devices; however, only 66% said they had defined security procedures for employee-owned mobile phones.

Until security is increased, data loss is likely to continue to be the biggest worry.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.