News | April 16, 2014

The Threat From Within Rife In The Healthcare Sector

Independent research finds hospitals, care providers and medical insurers experience twice as many internal security breaches in comparison to other sectors

Organisations in the healthcare sector are experiencing double the average amount of internal security breaches, in comparison to all industries. The findings are based on research revealed in security software vendor IS Decisions’ report ‘The Insider Threat Security Manifesto’.

The research also found that despite IT professionals in the healthcare sector being more concerned about insider threats than their colleagues in other industries, with 30% considering it to be in their top three security priorities compared to 21% on average, they spend less on security overall with 12% of budget spent compared to the average of 15%.

Internal security appears to be a more serious issue in healthcare than other industries such as finance or retail, with 16% of IT professionals in the sector citing that internal security concerns them more than external, in comparison to just 7% of all other IT professionals. The reason may be connected to the proliferation of password sharing in healthcare, as IT professionals estimates suggest 30% of employees in healthcare sharing passwords, higher than the average of 25%

Concern is directed at newly hired staff in particular, who were only a worry for 8% of IT professionals in other industries, but 25% of IT professionals in healthcare.

Fortunately, IT professionals in healthcare are on average slightly more aware that technology can help them address internal security, with 18% agreeing this is the case compared to 14% overall.

François Amigorena, CEO, IS Decisions said: “Against the background of the debates going on in both the US and the UK about patient data, with Obamacare and Care.data, it is worrying to see that the healthcare sector appears to have a particular problem with internal security. Your own employees are the most likely source of a data breach, and it appears that in healthcare that is an even bigger problem than elsewhere. Considering the sensitive nature of patient data, this suggests that there is significant reason for concern.”

“Internal security is a cultural issue, as exemplified by the issue of password sharing which again is more common in healthcare, but technology can help you address it. As we are seeing more and more patient data being stored digitally, it’s important that the appropriate steps are being taken to ensure that that data is secure from both malicious attack and accidental breaches.”

Methodology
Research conducted by CensusWide on behalf of IS Decisions among 250 IT decision makers in the UK and 250 IT decision makers in the US.

About IS Decisions
IS Decisions makes it easy to safeguard and secure your Microsoft Windows and Active Directory infrastructure. With solutions for user access control, file auditing, server and desktop reporting, and remote installations, IS Decisions combines the powerful security today’s business world mandates with the innovative simplicity the modern user expects. Over 3,000 customers around the world rely on IS Decisions to prevent security breaches; ensure compliance with major regulations, such as SOX, FISMA and HIPAA; quickly respond to IT emergencies; and gain time and cost-savings for IT.

IS Decisions is a Microsoft Silver Partner based in Biarritz, France. Customers include American Express, BAE Systems, Blue Cross Blue Shield, BMW, Computer Sciences Corporation, FBI, Frito-Lay, GlaxoSmithKline, IBM, Lockheed Martin, Mitsubishi, Oxford University, South Wales Police, TimeWarner, United Nations Organization, US Department of Justice, US Department of Veterans Affairs and US Navy Marine Corps.

Source: IS Decisions