Healthcare Information Security


Healthcare Leads in Data Encryption Measures, Says Ponemon

By Elizabeth Snell

Healthcare data encryption measures are becoming an increasingly popular topic, especially in the wake of large-scale data breaches, such as Anthem and Premera. While HIPAA regulations qualify data encryption as an “addressable” aspect, rather than a “required” one, some states are beginning to incorporate encryption measures into new legislation.


A recent study shows that more industries are beginning to adopt data encryption measures, with healthcare being one of the leading sectors. Encryption is becoming more common, likely as a response to consumer concerns, privacy compliance regulations and on-going cyber-attacks, according to results from a Thales and Ponemon Institute survey.

The 2015 Global Encryption and Key Management Trends Study shows that the biggest challenge in planning and executing a data encryption strategy is discovering where sensitive data resides in the organization. Moreover, support for cloud and on-premise deployment is one of the most important features of an encryption solution.

Approximately 4,700 individuals were interviewed for the survey, from 10 countries and working in a range of sectors, including healthcare, retail, financial, and manufacturing.

The report stated that the research was meant to review the threats that organizations face and how data encryption measures are being used.

“Mega breaches and cyber attacks have increased companies’ urgency to improve their security posture,” the report’s authors said. “This is reflected in this year’s findings as more companies embrace an enterprise-wide encryption strategy — especially in healthcare and retail industries. However, they still struggle with the “pain” of managing keys or certificates.”

The most common types of data that organizations encrypt are employee or HR data, with 61 percent of respondents citing this as their top concern. Fifty-six percent of those surveyed said data encryption is used for payment-related data, while 51 percent said financial records are encrypted. Just 21 percent of respondents said they use data encryption measures on health data.

The majority of respondents – 53 percent – reported that employee mistakes were the most salient threat to sensitive or confidential data. System or process malfunction, hackers, and temporary or contract workers were the next most common threats, according to respondents, accounting for 29 percent, 28 percent, and 21 percent, respectively.

In the US, the most common types of encryption technologies for respondents, in terms of total usage rate, were:

  • Databases – 89 percent
  • Internet communications – 89 percent
  • Data center storage – 86 percent
  • Business applications – 86 percent
  • Backup and archives – 85 percent
  • Email – 84 percent
  • Internal networks – 83 percent

The main drivers for implementing data encryption measures could explain why the healthcare industry is leading the way for encryption. Sixty-four percent of respondents said they needed to comply with external privacy or data security regulations and requirements, while 42 percent said they had to protect information against specific threats.

“Encryption usage continues to be a clear indicator of a strong security posture but there appears to be emerging evidence that concerns over key management are becoming a barrier to its more widespread adoption,” Ponemon Institute Chairman and Founder Dr. Larry Ponemon said in a statement. “What is clear is that many organizations lack formal ownership and accountability when it comes to key management which is very concerning when you consider the value of the data being protected and operational implications of losing or mismanaging keys.”
