A recent Ponemon study, provides the following perspective on the security of healthcare data: “Fifty-one percent of respondents say their organization has personnel with the necessary technical expertise to be able to identify and resolve data breaches involving the unauthorized access, loss or theft of patient data. This is virtually unchanged since 2015. Criminal attacks are the root cause of most data breaches. Fifty percent of healthcare organizations report the root cause of the breach was a criminal attack, 41 percent of respondents say it was caused by a third-party snafu. Insiders in business associates are the main root cause of medical identity theft. Healthcare organizations and business associates believe they are more vulnerable to a data breach than other industries. An overwhelming majority of healthcare organizations (69 percent) and business associates (63 percent) believe they are at greater risk for a data breach than other industries. More investments in technologies to mitigate a data breach are needed. Healthcare organizations depend mainly upon policies and expertise to respond to data breaches.”
Relying primarily on policies and expertise is not effective based on what we have seen in recent data breaches across different industries.