HITRUST Says Healthcare Industry Can’t Protect its Data

The latest report from the Health Information Trust Alliance  sheds new light on the state of cybersecurity in the healthcare industry. HITRUST’s statistics suggest that while the some progress has been made in the past few years, the industry as a whole is not yet equipped to properly ensure patients’ privacy.

The organization says that the industry experienced 495 breaches since 2009. Over 21 million records have been compromised as a result, amounting to estimated loss of $4 billion.

Physician practices with less than 100 workers accounted for over 60 percent of these breaches, a statistic HITRUST attributes a shortage in the necessary skills needed to protect patient data. This is to say smaller practices don’t normally have an IT department, but it goes beyond that as well: paper records comprised 24 percent of healthcare breaches since 2009.

Surprisingly, theft, loss, and unauthorized access accounted for the overwhelming majority of incidents. HITRUST blames a mere eight percent on hacking and malware:

“Data we receive from other sources strongly indicates that U.S. healthcare organizations of all types are experiencing data loss due to viruses, attacks by cyber criminals, password sharing by clinicians, and the prevalence of vulnerabilities in electronic health record (EHR) technologies that are not communicated,” said Nutkis.

Institutional providers also remain vulnerable. While the number of reprted incidents declined by over 70 percent in 2010 and only 14 breaches were reported in the first half of 2012, 54 percent of healthcare organizations participating in the survey had little to no confidence in their ability to detect all data loss or theft.

The successful attack on Utah healthcare administrators earlier this reflected this stark reality. In April, the Utah Department of Technology Services and the Utah Department of Health revealed that Eastern European hackers got their hands on the personal information of nearly 200,000 patients.

About Maria Deutscher

Maria Deutscher is a staff writer for SiliconANGLE covering all things enterprise and fresh. Her work takes her from the bowels of the corporate network up to the great free ranges of the open-source ecosystem and back on a daily basis, with the occasional pit stop in the world of end-users. She is especially passionate about cloud computing and data analytics, although she also has a soft spot for stories that diverge from the beaten track to provide a more unique perspective on the complexities of the industry.