When it comes to patient data privacy, compliance and security differ


Help Net Security 

If a name perfectly underscored a growing issue of concern, it’s Anthem. In February, the health insurance plan provider disclosed cyber attackers had breached its IT system for several weeks and obtained consumers’ personal data. The message this revelation spread is that healthcare-related organizations are increasingly prime targets for hackers and cyber thieves.

Retailers, of course, also have been frequent marks, with millions of consumer files breached. But with the retail industry toughening its data defenses and financial institutions cancelling cards to protect consumers, cyber crooks are turning to what they consider more valuable and vulnerable targets: healthcare organizations. Blame the growing number of entry points to protected health information and other sensitive data via electronic health and personal records.

In addition, for one reason or another, many healthcare-related organizations just haven’t done all that much to tighten their network security or invest in more sophisticated event monitoring to better secure their patients’ records, including health and financial data.

As a result, healthcare organizations accounted for 42 percent of all major data breaches reported in 2014. And Experian, which issued its second annual Data Breach Industry Forecast in December, expects that percentage to grow “until the industry comes up with a stronger solution to improve its cybersecurity strategies,” as asserted by Michael Bruemmer, vice president at Experian Data Breach Resolution, in a written statement accompanying the report.

read more at: http://www.net-security.org/article.php?id=2233