Bitglass News

Device Theft Dominates Healthcare Data Breaches

By Bitglass | Nov 4, 2014 5:00:00 AM

Bitglass, the Total Data Protection company, today announced the findings from its 2014 Healthcare Breach Report. Bitglass analyzed healthcare data breaches from the past three years and found that 68 percent of breaches since 2010 occurred because devices or files were lost or stolen, while only 23 percent were due to hacking. The report also found that more than 76 percent of all records breached were the result of loss or theft. The findings come from analyzing data on the United States Department of Health and Human Services’ “The Wall of Shame,” a database of breach disclosures required as part of the Health Insurance Portability and Accountability Act (HIPAA).

“Nearly half of all data breaches reported in the U.S. are healthcare related,” said Nat Kausik, CEO of Bitglass. “While major hacking events more commonly make headlines, our research shows that unprotected data on lost or stolen devices represents the majority of breach activity in healthcare. Some of these devices contain hundreds of thousands of records. This reaffirms the need for healthcare organizations to reevaluate their security and compliance strategies.”

Recent studies have also shown that healthcare data is 50 times more valuable than credit-card information on the black market. Unlike fraudulent charges made on stolen credit cards, which financial institutions will cancel, compromised protected health information (PHI) is the responsibility of the patient.

“The credit card industry’s efforts to adopt chip-and-PIN technology will further devalue stolen credit card information, making healthcare data an even more attractive target for hackers. And unlike credit cards, which limit personal liability for fraudulent transactions, there are no such protections in place for victims of healthcare fraud,” said Rich Campagna, VP of Products at Bitglass.

Enterprises simply feed logs to the Breach Discovery service and receive reports carrying ranked alerts with drill-downs by various parameters to assist in remediation of the breach. In contrast, traditional on-premises log analytics and SIEM solutions require substantial investments in hardware, software and personnel to install and maintain, with additional manpower and risk intelligence to interpret and investigate a firehose of unranked alerts.

The report is available here.

Bitglass is Recommending Two Key Considerations for Healthcare Data Security in Today’s World of Cloud Apps and Mobile Devices

Secure Data, Not Devices or Networks: By securing sensitive data as it flows down to end-user devices, healthcare organizations ensure that even if the device is lost or stolen, sensitive data is not compromised. Technologies such as on-the-fly encryption, redaction, DLP and DRM on sensitive data must be dynamically and automatically applied by policy.

Make Data Security a User-Friendly Experience: Mobility enables healthcare workers to spend more time on their patients. Any solution that hinders productivity is bound to attract workarounds that defeat security policies. In the same vein, security solutions should be easy to deploy, and maintenance should not be burdensome, as it does not scale easily and can become costly.