One of the latest surveys that were newly published revealed that over 27 of hospitals and 50% of non-acute providers such as outpatient healthcare facilities, correctional clinics, and physicians’ dispensaries are failing to encrypt patient information in transmission. Moreover, only 60% of acute providers and 45% of non-acute providers are encrypting data while at rest.
The conclusions of the study further revealed additional disturbing trends within the practices of the IT departments of various healthcare organizations.
The result of the report reveals that there is a huge potential for a data breach waiting to take place, as the lack of security measures has left the door wide open to possible manipulation and modification of patient information. If a computing or smart device, pen drive or backup were to be obtained illegally, the pilfered data could now be accessed by any individual.
The report built by the Healthcare Information and Management Systems Society also disclosed that a number of healthcare facilities have not even installed basic firewalls. Only 75% of acute care facilities such as hospitals and healthcare institutions as well as 92% of non-acute facilities employ firewalls; over 80% of acute care facilities and 91% of non-acute institutions used anti-malware and antivirus systems.
Given the hundreds of malware versions being yielded every day, a basic lack of data security will leave any organisation vulnerable to compromise. In the absence of a firewall, it will be practically impossible to forbid or reduce virus, malware and other forms of vicious unwanted software. Basic data security such as antivirus and firewalls are useful in supervising and filtering network traffic so that an organisation is not susceptible to jeopardy.
The study also revealed that IT departments within the healthcare organisations relied on fixed or outdated list of security tools, which could be due to the lack of relevant personnel or funds to address their data security requirements. It was also seen that as compared to non-acute providers, acute care providers have a greater range of security technologies in their portfolio.
Incidentally, the report also revealed that a number of healthcare organisations are continuing to struggle with network patches and vulnerability management. Only 58% of acute care providers and 40% of non-acute providers disclosed that network patches and vulnerability manage programs such as were installed in their facilities.
One of the significant threats to the healthcare IT system security was ransomware as cited by most 65% of respondents in the study. There is great reason for healthcare organisations to be extremely guarded, as the report further predicts that data breaches would cost the healthcare industry over $300 billion in the next five years.
Without a proper security plan program in place, they can be a wide window for cyber criminals to exploit unpatched areas of security and hack into critical data.
This is why it is imperative that every healthcare organisation, both acute and non-acute, invest in data security and document protection to safeguard customer and patient information and prevent disastrous outcomes.