According to the 2019 Thales Data Threat Report—Healthcare Edition, many are facing data breaches because of digital transformation proposals passing through the healthcare industry. Around 70 percent of US healthcare organizations surveyed said they've suffered a data breach, with a third reporting one happening in the past year alone.
All healthcare organizations (100 percent) had collected, stored, or shared sensitive data with digital transformation technologies, the report found, but 38 percent or less are effectively encrypting their data along the way. The report said that healthcare companies experience more threat surface with the volume of personal data and information they store.
"When sensitive patient information is breached, it poses significantly longer-term risks compared to other sectors – sometimes indefinitely," Frank Dickson, program vice president for security products research at IDC, said in a press release. "Healthcare data is especially attractive to hackers because it's far more valuable than other kinds of data that can be accessed and exploited. When healthcare data is stolen, damage cannot be fully mitigated. A credit card can be cancelled or a bank account can be closed, but private patient data circulates endlessly which opens opportunities for various types of fraud to occur again and again from a single breach."
To help lessen security threats, the report provided the following suggestions for data privacy protection in healthcare:
- Concentrate on all threat vectors
- Prioritize compliance matters
- Invest in modern, hybrid, and multi-cloud based data security solutions that can scale to current architectures
- Take on new strategies, including encryption and access management
Proper application of security and network security is important to prevent any compromise from happening firstly. Encryption is considered as the best way to secure the patients’ data from being accessed once someone has found their way onto the systems. Additionally, it is crucial that encryption is implemented both at rest and in transit. The third parties and vendors who have access to the healthcare network or databases should be properly handle patient data.