Healthcare Information Security

Cybersecurity News

IT security survey finds data location, monitoring concerns

By Patrick Ouellette

- A recent Ponemon Institute study, State of Data Centric Security, gauged how 1,587 Global IT and IT security practitioners across 16 countries view today’s threat landscape and what their biggest concerns are.

While the findings mainly aren’t limited to healthcare (9 percent of respondents were health and pharmaceutical), the results help offer insight as what types of security needs other industries are focusing on. For instance, 57 percent of respondents said the uncertainty of the location of sensitive data is more of a concern to them than a potential hacker or malicious employee. An example of this fear in healthcare was news that Medtronic had to deal hackers from Asia, who were not able to steal any patient data, but it was unable to locate some patient records after hackers were able to access its diabetes unit network.

For purposes of this research, data centric security assigns a data security policy at creation and follows the data wherever it gets replicated, copied or integrated—independent of technology platform, geography or hosting platform. Data centric security includes technologies such as data masking, encryption, tokenization and database activity monitoring.

A mere 16 percent of respondents said they know where all sensitive structured data is located, and even less (7 percent) know where unstructured data is. Part of the issue is access control, as 19 percent say their organizations use centralized access control management and entitlements and 14 percent use file system and access audits. Moreover, 60 percent of respondents are not using automated solutions to locate sensitive data.

  • What DOJ health data breach settlement means for 2013
  • Public Server Exposure Creates PHI Data Security Worries for 200K
  • AHA Calls for Revisions in Healthcare Data Privacy Rule
  • How a community hospital CIO stays ahead of the security curve
  • Securing Healthcare Networks from Advancing Cyber Threats
  • ECRI: Healthcare Ransomware, Cybersecurity Threats Top Concerns
  • CMS offers new HIPAA Administrative Simplification FAQs
  • Maintaining HIPAA Compliance While Preparing for HIPAA Audits
  • Health Data Breaches Expose Info. in NH, NJ and NY
  • THSA, EHNAC partner for TX-HIE accreditation program
  • Healthcare cybersecurity, compliance: Avoidable breaches
  • HHS proposes new CHP HIPAA compliance requirements
  • Microsoft ends Windows XP security patches: Health IT impact
  • ONC delivers EHR certification privacy and security guidance
  • Tucson patients’ data exposed; HHS breach tool updated
  • OSEHRA, VA reveal open source EHR security patching benefits
  • NHC HealthCare Oak Ridge loses unencrypted backup tape
  • Why Reducing Insider Threats Must Remain a Top Priority
  • C-Suite May Lack Awareness of Healthcare Supply Chain Risk
  • How Rush Medical Stays HIPAA Compliant, Uses Cybersecurity
  • 12K Affected in ShopRite Supermarkets Data Security Incident
  • Recent Cybersecurity Bill Focuses on State, Local Preparation
  • Will HIPAA Compliance be Affected by Ebola?
  • DirectTrust meets ONC HIE security accreditation goals
  • Why EHR Vendors Are Next Healthcare Data Breach Target
  • How must mHealth App Developers Follow HIPAA Regulations?
  • Advocate Medical Group endures massive data breach
  • Healthcare Leaders Discuss Latest EHR Security and MU Concerns
  • Hacking Still Leading Cause of 2015 Health Data Breaches
  • NIST Cybersecurity Framework To Get Privacy Framework Companion
  • How HHS’ HCCIC Will Improve Healthcare Cybersecurity
  • UUHC works on HIPAA compliant storage, backup
  • Mobile Security a Barrier to Health App Use, Study Shows
  • Why ‘Cautiously Optimistic’ is the Healthcare Security Mindset
  • eHealth Initiative survey: HIE security questions linger
  • 30 Percent of Online Health Databases Expose Patient Data
  • Calif. AG offers medical identity theft prevention tips
  • Potential Ransomware Attack Encrypts Patient Data in KY
  • Planned Parenthood Health Data Breach Affects 2K Patients
  • Easing HIPAA Violation Concerns with Patient Data Access
  • Healthcare Data Security Key Part of NIH All of Us Program
  • Unencrypted Discs with PHI Create Potential Health Data Breach
  • How Does HIPAA Compliance Apply in the Healthcare Cloud?
  • UnityPoint Allegedly Mishandled Healthcare Data Breach
  • Healthcare data encryption methods for healthcare providers
  • OCR Calls for Healthcare Cybersecurity Collaboration
  • Medical Device Security Should Be Focus for Healthcare Providers
  • Preparing for Increasing Healthcare Cybersecurity Risks
  • HIPAA Violation, Records Dump Expose Patient Data
  • Health Data Security Part of OIG Health Reform Plan
  • DeSalvo Leaves ONC for HHS Role
  • Health Data of 974,000 UW Medicine Patients Exposed for 3 Weeks
  • Employees File Lawsuit Following Lincare Holdings Data Breach
  • OCR offers guidance for PHI de-identification
  • Securing different types of HIEs
  • PHI Data Breach Report Shows Increase in Data Breach Rate
  • Micky Tripathi weighs in on HIE security standards
  • HITRUST Program Identifies Healthcare Cybersecurity Threats
  • A Legal Breakdown of HIPAA, NAIC Cybersecurity Guidelines
  • Earlier HIPAA Audits Help Healthcare Data Breach Prevention
  • ONC Chief Privacy Officer assesses data privacy challenges
  • Theft at DFSS in Chicago could lead to health data breach
  • CHIME launches CSO education, collaboration initiative
  • Robust Health Data Security Needed for PHI-Laden Mobile Devices
  • Uber Health Prioritizes Patient Data Security, HIPAA Compliance
  • ONC Workgroup Discusses Health Big Data Security
  • Secure Texting Becoming 1st Choice for Sending Healthcare Data
  • Physicians Charged with Healthcare Fraud, Identity Theft in PR
  • Webinar offers tips on HIPAA compliance, breach management
  • HIPAA-compliant hosting considerations for covered entities
  • Protenus, RADAR Partner to Mitigate Healthcare Cybersecurity Risks
  • Hospital Data Breaches Most Common, Affect the Most Patients
  • Is HIE Security Affected with Health Record Integration?
  • Healthcare Cybersecurity Pushed in EHNAC, NH-ISAC Agreement
  • A look at HIPAA physical safeguard requirements
  • Health Data Privacy Not a Concern for Health Tech Consumers
  • A look back at CDT HIPAA Omnibus Rule commentary
  • Top 10 Healthcare Data Breaches for 2014
  • BCBS Mich. Employee Stole Patients’ Personal Information
  • Another Major Storm, Another HHS HIPAA Privacy Rule Waiver
  • Poll Finds Healthcare Cybersecurity Needs Managed In-House
  • $2.3M OCR Settlement Reached for 21st Century Oncology Data Breach
  • Understanding HIPAA Regulations and Their Applications
  • L.A. County boosts encryption policies after data breach
  • Alabama Medicaid Data Security, Information Security Can Improve
  • AMIA Stresses Patient Data Security Concerns in Federal Rule
  • DENT Neurologic Institute informs patients of data breach
  • NIST evaluates cryptographic standards: Healthcare impact
  • Florida Proposes State Biometric Data Privacy Legislation
  • NSTIC credential efforts may clear path for healthcare security
  • Reviewing the HIPAA Risk Assessment Process
  • Healthcare Employee Mistakenly Donates CDs with PHI
  • Massachusetts Physician Convicted of Criminal HIPAA Violation
  • Proposed NY Data Breach Legislation Accounts for PHI Security
  • Creating your Enterprise Healthcare Mobility Network
  • How HIPAA Regulations Allow for Patient Data Access
  • Duke Health System notifies patients of data breach
  • Are Health Data Breaches Becoming Too Common?
  • Tiger Teams seeks to conclude accounting of disclosures talks
  • Maintaining Patient Data Privacy, Security in Data Sharing
  • About 40 percent of respondents said they use automated solutions, and 64 percent of those respondents use it for discovering where sensitive or confidential data are located in databases and enterprise applications. Additionally, 22 percent use it to discover data in files and emails and another 51 percent said migration to new mobile platforms is a concern.

    Healthcare perspective

    Some of these apprehensions regarding “finding the data” line up with what healthcare IT experts have told lately. Specially, a critical aspect of conducting a risk analysis is having a strong understanding of where the data is and being able to organize it between structured and unstructured information. Once it’s located and quantified the data, the organization can determine the best ways to secure the information. As referenced above, automation technologies may be a way toward efficiently locating that data.



    SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

    HIPAA Compliance
    Data Breaches

    Our privacy policy

    no, thanks

    Continue to site...