Bigger data means bigger security problems for healthcare

Last year, Verizon’s 2015 Protected Health Information Data Breach report fired a critical warning at the healthcare industry, reporting that 90 percent of industries have experienced patient data breaches. While HIPAA and the HITECH Act provide a much-needed framework for protecting patient data in the healthcare industry, headlines over the past year have shown that compliance is not enough. IT environments have evolved and become increasingly reliant on big data, resulting in an overwhelming volume of information that must be both accessible to those who need it and protected from those who don’t.

Most healthcare organizations understand that they need to change the way they secure their data, and at the same time realize that their solution needs to be comprehensive, scalable and long-term. They also realize that the rise in big data analytics along with advancements in mobile and cloud technology mean that traditional data security alone is insufficient. So, why are these organizations still getting hacked? Why is patient information still at risk? Why is all of this understanding and knowledge about threats not resulting in more advanced and robust data security for Protected Healthcare Information (PHI) and Personally Identifiable Information (PII)?

Evolving Challenges and Threat Landscape

PHI and PII have a black-market price of up to 50 times the going rate for better-protected, harder-to-reach Payment Card Industry (PCI) information. This means that hackers are working harder than ever to leverage the vulnerabilities in healthcare business networks and workforces to gain unauthorized access to data. Because of this, healthcare companies need to understand where their challenges and vulnerabilities are in order to protect themselves.

Specific data security challenges include:

  1. Data living beyond the traditional network. Mobile and cloud technologies have blurred the enterprise perimeter. Traditional data security alone is no longer a sufficient defense against persistent and varied attacks. Organizations are challenged to identify a comprehensive and strategic approach to protecting data itself in order to mitigate reputational and financial impact should a breach occur. This is particularly true for large, distributed healthcare organizations.
  2. Security with usability. Healthcare data must remain accessible to the users who require it. Organizations are challenged to implement solutions that are flexible enough to enable critical access while being robust enough to secure vast quantities of data.

Thinking Short Term, Planning for Long Term

While all healthcare companies need to think about a comprehensive, long-term data security strategy, there are actions that can be taken in the short term to make an immediate difference with today’s resources. These include:

  1. Providing security awareness training for all employees. This training should be tailored to highlight the particular security hazards of their roles and improve password protection.
  2. Preventing privileged users, such as DBAs and system administrators, from unnecessarily accessing data, and enforcing available least-privilege rules. It is critical to expose the least amount of information required to both employees and patients, as many successful attacks have happened as a result of compromised data being used to verify individuals’ identities.
  3. Verifying that online applications are secure and free of the most common and dangerous attack vectors. Additionally, monitor “normal” network activity to be alert for anomalous behavior.

Thinking Long Term, Planning for the Bigger Picture

Modern encryption and tokenization solutions de-identify sensitive data, making stolen data useless to thieves while preserving its integrity and value. EMR databases, payment processing and even HR systems are all connected, so enterprises should consider interoperable protection that follows the data itself, to prevent more susceptible systems or users from becoming the weakest link.

The amount of data that the healthcare industry must manage isn’t going to decrease anytime soon – and meeting compliance standards is simply not enough. All companies handling PHI must be more responsible for their data, enabling solutions that meet regulatory and legal compliance programs while proactively protecting data from the real and actively advancing threats facing their organization today.

Suni Munshani joined Protegrity as CEO in May of 2011 to accelerate growth and execute strategies to extend Protegrity’s leadership position in the enterprise data security market. He brings more than 25 years of broad and diverse global business experience, having previously served as CEO of Novitaz, a customized data provider for the retail and hospitality sectors. Prior to Novitaz, he served as a managing partner at Persephone Investments, a venture capital firm focused on early stage investments, where he led the firm’s investment in Synetics, Inc. and eventually assumed the role of CEO and led Synetics’ acquisition by Affiliated Computer Services, a NASDAQ-listed company (later acquired by Lockheed Martin).

The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker’s Hospital Review/Becker’s Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.