Wednesday, December 21, 2016

Data Breaches: Clinician sharing of data a key reason for breaches

An analysis of 5 years of data from a database of large data breaches impacting nearly 500 individuals finds that in 2016 the number of such breaches reported exceeded 300 for the first time.

The analysis of the database, operated by the Office for Civil Rights at the Department of Health and Human Services, comes from Safetica North America. It found that well-intentioned clinicians sharing data results in a 10% yearly breach growth rate, and that this sharing is the major driver of data breaches, says Luke Walling, general manager at Safetica, a data loss prevention vendor that has operated in Europe for 7 years and started operations in the U.S. in September.

When the 10% of well-intentioned sharing is combined with other incidents of unauthorized access and disclosure, that category accounted for 41.5% of data breaches during 2016, compared with 25% in 2014. Hacking accounted for almost 32% this year, compared with 14% of incidents in 2014. Other breach categories in 2016 involved theft (19%), loss (5.4%) and improper disposal (2.3%).

“Workers or associates accessing and sharing data they should not—or revealing it to people they should not—was the single greatest breach factor this year,” according to the analysis.

As 2016 draws to a close, 15.2 million records have been compromised. That is a lot, but the 2015 number was 113.3 million, following a series of very large attacks that included the Anthem hack, which accounted for 70% of all breaches in 2015.

Theft of medical records fell this year to its lowest level since 2013, with better security education and protection of documents, as well as better devices to police networks and employee actions, Walling says.

Hacking in 2017 could actually dip as healthcare agencies get better at controlling what they can control, and as security technology and best practices continue to improve, Walling believes. Still, it is wise not to get complacent, he warns. “The issue with phishing is it still works. It is immensely tough for anyone to distinguish between real and malware emails, so you have to make certain the data cannot leave the agency.”

That leads to another issue: permitting the flow of data without affecting how individuals do their jobs. Encryption is obviously a powerful protector of data, but users should not have to consciously decrypt and encrypt data.

Tools are available that set rules for how files move throughout a network. A rule, for example, could auto-encrypt a file, decrypt the file to use it, and then re-encrypt it, Walling says. “These rules make files accessible and the encryption and decryption procedures are invisible to the consumer.”

 
