Healthcare Information Security

Cybersecurity News

IT security survey finds data location, monitoring concerns

By Patrick Ouellette

- A recent Ponemon Institute study, State of Data Centric Security, gauged how 1,587 Global IT and IT security practitioners across 16 countries view today’s threat landscape and what their biggest concerns are.

While the findings mainly aren’t limited to healthcare (9 percent of respondents were health and pharmaceutical), the results help offer insight as what types of security needs other industries are focusing on. For instance, 57 percent of respondents said the uncertainty of the location of sensitive data is more of a concern to them than a potential hacker or malicious employee. An example of this fear in healthcare was news that Medtronic had to deal hackers from Asia, who were not able to steal any patient data, but it was unable to locate some patient records after hackers were able to access its diabetes unit network.

For purposes of this research, data centric security assigns a data security policy at creation and follows the data wherever it gets replicated, copied or integrated—independent of technology platform, geography or hosting platform. Data centric security includes technologies such as data masking, encryption, tokenization and database activity monitoring.

A mere 16 percent of respondents said they know where all sensitive structured data is located, and even less (7 percent) know where unstructured data is. Part of the issue is access control, as 19 percent say their organizations use centralized access control management and entitlements and 14 percent use file system and access audits. Moreover, 60 percent of respondents are not using automated solutions to locate sensitive data.

  • Unencrypted Flash Drive Lost, Privacy Incident for 2K
  • Utilizing Strong Cyber Hygiene for Ransomware Preparation
  • VA patients discuss secure messaging barriers, benefits
  • Cybersecurity pro Nicholas Percoco joins KPMG LLP
  • NHHIO leaders talk HIE, HISP privacy and security
  • Cybersecurity Attacks Targeting Healthcare Companies
  • PHI Incidents Affect 640 Veterans in October, Says VA Report
  • HIPAA BAA, patient data flow strategies for an HIE
  • HHS proposes new CHP HIPAA compliance requirements
  • Patient privacy, consent crucial to HIE governance framework
  • Addressing FTC Jurisdiction Over HIPAA Covered Entities
  • Small health providers using audit logs for HIPAA compliance
  • FDA Releases Medical Device Cybersecurity Draft Guidance
  • ‘Small Number’ Of Laptops With PHI Missing From Ambulances
  • How Can Covered Entities Best Prepare for Ransomware Threats?
  • Preparing Against Current Healthcare Cybersecurity Threats
  • Beebe Healthcare suffers breach through contracted employee
  • Picking a GRC vendor: Healthcare considerations
  • ONC rural HIE toolkit includes privacy and security tenets
  • Patients sue Dorn VA medical center for health data breach
  • LewisGale Regional Health System experiences data breach
  • Precision Medicine Initiative Security Framework Released
  • Are Healthcare Cybersecurity Measures Strong Enough?
  • Florida physician group notifies 4,400 patients of breach
  • UCLA Health compliance chief offers HIPAA perspective
  • Breaking Down Meaningful Use, Health Data Security
  • Using Layered Security for Evolving Cybersecurity Threats
  • Employee Healthcare Data Security Awareness Top Industry Threat
  • How Healthcare Benefits from Cybersecurity Guidelines
  • HIPAA Compliance, Data Breaches Are Top 2015 Stories
  • Senators, AHIMA Voice HIT Security, Interoperability Concerns
  • Patient VDT portal authentication: Privacy considerations
  • Illinois Governor Vetoes Data Breach Notification Bill
  • ONC outreach will help shape HIE security in 2014
  • Assessing the impact of HHS settlement with Hospice of North Idaho
  • Will OCR leadership changes affect healthcare organizations?
  • HIPAA Compliance Discussed in ACOG Social Media Guidelines
  • New Federal CISO Set to Bolster National Cybersecurity Measures
  • Monitoring Risk and Staying HIPAA Compliant
  • Healthcare BYOD security considerations and concerns
  • HHS Clarifies HIPAA Regulation Patient Right of Access Costs
  • Calif. Patient Privacy Case Reaches State Supreme Court
  • Addressing healthcare mobile security from a legal standpoint
  • Healthcare Data Breaches Top Concern in 2016, Says Experian
  • Patient files Carol Milgard Breast Center privacy complaint
  • DoS, DDoS Attack Prevention Measures for Covered Entities
  • Industry Applauds HHS Cybersecurity Task Force Report
  • Farzad Mostashari at HIMSS13: HIE security is paramount
  • Phoebe Putney Memorial notifies 6,777 patients of breach
  • Senators Present Bill Aimed at Health IT Security Standards
  • CMS provides Meaningful Use privacy and security tips
  • FDA, NH-ISAC to share medical device cybersecurity tips, risks
  • VA’s Roger Baker updates EHR security strategy
  • Health Data Sharing at Forefront of Genetics Deal
  • Excellus BCBS Data Breach Affects 7M Individuals
  • Is HIE Security Affected with Health Record Integration?
  • OCR Director’s USCIS nomination: Points of clarification
  • Misprinted Letter Leads to Affinity Health Plan Data Breach
  • HIMSS13 Day One security takeaways
  • Second Email Phishing Scam Hits Ascension Health Facility
  • Former OCR advisor David Holtzman joins CynergisTek
  • Phishing Scam Leads to Potential PHI Exposure
  • CMS proposes data breach reporting rules for new HIX
  • Does NAIC Cybersecurity Bill of Rights Affect Healthcare?
  • Ransomware Attack Mitigation in Updated ONC SAFER Guide
  • OCR HIPAA Settlement Costs Triple-S $3.5 Million
  • Does Employee Access Hinder Patient Data Security?
  • ONC Stresses Improved Patient Data Access Measures
  • Healthcare data encryption trends and methods
  • WellPoint and HHS agree to health data breach resolution
  • FTC spring webinar to focus on patient mobile app security
  • How to Successfully Integrate Secure Texting, Messaging
  • Latest OCR HIPAA Settlement Highlights BAA Importance
  • Dell Healthcare releases Latitude 10 Enhanced Security Tablet
  • Why Healthcare Data Encryption Should Be Considered
  • Committee Investigation Claims OPM Data Breach was Preventable
  • Potential Horizon BCBS Data Breach for 170K from Printing Error
  • Exco In Touch completes HIPAA, NIST audit
  • Centura Health alerts 1,000 patients of phishing attack
  • Tiger Team reviews Stage 3 Meaningful Use privacy and security
  • Cybersecurity Can be Improved with Info Sharing, Says NH-ISAC
  • Thieves steal laptop with PHI from California internist
  • Maintaining Health IT Security While Moving to the Cloud
  • OCR outlines recent privacy education, outreach efforts
  • CAQH CORE to host HIPAA compliance session
  • HITRUST Creates Group to Improve Health Information Security
  • Palm Beach County Health weathers latest health data breach
  • OIG Finds Information Security Issues with VA Audit Logs
  • How Healthcare IT Teams Bring Value and Security to Providers
  • Protecting Patient Privacy Top Priority, Says
  • Addressing health cyber risks with intelligence sharing
  • Omnicell health data breach details emerge
  • Bizmatics Healthcare Data Breach Affects Another 22K Patients
  • ONC Releases Educational Videos on HIPAA Rights for Patients
  • University Urology of Tenn. releases data breach statement
  • FTC Settles Dental Software Patient Data Encryption Case
  • Calif. Patient Data Sharing Guidance Aids Mental Health Care
  • Education, Planning Critical in Ransomware Preparation
  • Vendors gearing up for HIPAA compliance with audit programs
  • HITRUST Aids Small Orgs in Healthcare Cybersecurity Threats
  • About 40 percent of respondents said they use automated solutions, and 64 percent of those respondents use it for discovering where sensitive or confidential data are located in databases and enterprise applications. Additionally, 22 percent use it to discover data in files and emails and another 51 percent said migration to new mobile platforms is a concern.

    Healthcare perspective

    Some of these apprehensions regarding “finding the data” line up with what healthcare IT experts have told lately. Specially, a critical aspect of conducting a risk analysis is having a strong understanding of where the data is and being able to organize it between structured and unstructured information. Once it’s located and quantified the data, the organization can determine the best ways to secure the information. As referenced above, automation technologies may be a way toward efficiently locating that data.


    SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

    HIPAA Compliance
    Data Breaches

    Our privacy policy

    no, thanks