Healthcare bodies have emerged as a prime target for hackers, putting medical data at risk. While a stolen credit card has a time-limited value, PHI and electronic medical records (EMR) are packed with immutable data that can, and do, fetch hundreds of dollars per stolen record on illegal online markets. That’s according to the the 2018 Thales Healthcare Data Threat Report, by the defence and cyber protection product company.
Past global healthcare reports have shown the US to place more of an emphasis on compliance, compared to its global counterparts. This is primarily driven by a privately focused healthcare system, which contends with a complex web of regulations and standards. The effectiveness of a compliance-based strategy is debatable: 77pc of US healthcare respondents reported at least one breach at some time in the past, making it the most breached among all U.S. verticals polled in this year’s report. Despite US struggles, 64pc of global healthcare respondents still believe compliance requirements are ‘very’ or ‘extremely’ effective at preventing data breaches, with compliance ranking first among global healthcare respondents as a driver of security spending (51pc), higher than any other sector and higher than the US (44pc).
While 83pc of global healthcare respondents plan to increase spending on security (above the global average), only 40pc of global respondents are increasing spending for data-at-rest security tools. This stance is puzzling, according to Thales, when reflecting on other findings from the report. For example, the looming deadline for the EU-wide General Data Protection Regulation (GDPR) means data sovereignty is top of mind for most international companies. Globally, encryption is the top choice for complying with privacy regulations (36pc). Unlike their US counterparts, who ranked data-at-rest defenses second-to-last in terms of effectiveness, 76pc of global healthcare respondents also ranked data-at-rest defenses (such as encryption or tokenization) as the number one tool for protecting data (tied with data-in-motion defenses).
Peter Galvin, Chief Strategy Officer, Thales e-Security says: “When it comes to data security, the global healthcare industry is increasingly under duress, which is why some of this year’s findings are so counterintuitive. For example, 63pc of global respondents are investing money in endpoint security, even though it offers little help in protecting data once perimeters have been breached. Data security spending needs to match healthcare’s reality – which is that of an industry embracing digitally transformative technologies – in the form of investments in encryption solutions offering protection to known and unknown sensitive data that has moved beyond the traditional four walls of the healthcare environment.”
