HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

New EMC Study Highlights Impact of New Cyber Threats

Organizations in the United States are failing to stay ahead of the curve when it comes to data security and that is costing them dearly.

New research* conducted on behalf of EMC Corporation for its Global Data Protection Index 2016 shows organizations in the US – including healthcare organizations – are failing to implement the necessary technology to deal with new and emerging cyber threats.

The impact of hardware failures, power failures, software failures, and data corruption has been reduced since the study was conducted in 2014, but even so, 13% more businesses have experienced data loss and disruption in the last 12 months than in 2014. According to the study, the average cost of data loss and disruption is $914,000 per year per organization.

Part of the problem is the failure to create a “data vault”: an air-gapped data repository that remains secure, even in the event of a cyberattack. This is especially important given the rise in the use of ransomware.


Whereas a few months ago cybercriminals just wanted to get their hands on sensitive data to sell on to identity thieves and other willing buyers, they have realized there are much more lucrative attacks that can be conducted. The use of ransomware has grown substantially in recent months due to the high potential returns. Ransomware is now capable of spreading through a network and encrypting or deleting data backups. Organizations that fail to create secure backups using air-gapped devices have little alternative but to pay the ransom demands when cyber-extortionists succeed in infiltrating their network.

Should a ransomware attack occur, or another security incident that results in data loss or unexpected systems downtime, over 70% of respondents said they did not think their organization would be able to fully recover their system or data.

As Steve Duplessie, Founder and Senior Analyst, Enterprise Strategy Group, explains, “Ransomware is dramatically raising the stakes when it comes to cyber security. We’re moving from theft, which is costly, to potential catastrophe.” He goes on to say, “You can either start taking these threats seriously, or start looking for a hole to crawl into. Ignorance is no longer bliss.”

The survey also shows that organizations are increasingly using the cloud, but too many companies are failing to adequately protect cloud data. Many are leaving data protection to cloud service providers, which can prove costly. Many SaaS application providers do not protect against accidental data loss or data deletion by employees.

80% of survey respondents said that they will be moving at least part of their email, CRM, ERP, data warehousing, customer support systems, CMS, BI, productivity apps, or archiving to the cloud in the next two years. More than half of respondents currently run email in the cloud and an average of 30% of IT infrastructure is already cloud-based. However, fewer than half of respondents said they protect against data corruption and data deletion. According to the study, 36% of organizations lost data in the past 12 months and each organization lost an average of 2.36TB of data in the past year.

*Research for the EMC study was conducted on 2,200 IT decision makers by Vanson Bourne between March and April, 2016. Respondents were all IT decision makers in organizations with more than 250 employees. Both the public and private sector were represented. Respondents were based in 18 countries, although the survey was weighted with twice as many respondents from the United States, United Kingdom, France, and Germany as other countries represented in the study.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.