Healthcare Information Security

Cybersecurity News

IT security survey finds data location, monitoring concerns

By Patrick Ouellette

- A recent Ponemon Institute study, State of Data Centric Security, gauged how 1,587 Global IT and IT security practitioners across 16 countries view today’s threat landscape and what their biggest concerns are.

While the findings mainly aren’t limited to healthcare (9 percent of respondents were health and pharmaceutical), the results help offer insight as what types of security needs other industries are focusing on. For instance, 57 percent of respondents said the uncertainty of the location of sensitive data is more of a concern to them than a potential hacker or malicious employee. An example of this fear in healthcare was news that Medtronic had to deal hackers from Asia, who were not able to steal any patient data, but it was unable to locate some patient records after hackers were able to access its diabetes unit network.

For purposes of this research, data centric security assigns a data security policy at creation and follows the data wherever it gets replicated, copied or integrated—independent of technology platform, geography or hosting platform. Data centric security includes technologies such as data masking, encryption, tokenization and database activity monitoring.

A mere 16 percent of respondents said they know where all sensitive structured data is located, and even less (7 percent) know where unstructured data is. Part of the issue is access control, as 19 percent say their organizations use centralized access control management and entitlements and 14 percent use file system and access audits. Moreover, 60 percent of respondents are not using automated solutions to locate sensitive data.

  • Why Healthcare Privacy and Security Need a Holistic Approach
  • HIPAA security risk assessment tool: Small provider needs
  • OCR senior advisor: Stay tuned on HIPAA audit timeline
  • Healthcare Cloud Security Concerns Not Impediment to Usage
  • GAO report finds CMS lacking in SSN removal technology
  • Barnabas Health sends patient data breach notifications
  • Creating Secure Healthcare BYOD Environments, Communication
  • The Opportunity and Challenge in Healthcare Data Security
  • HHS Reiterates OCR Ransomware Guidance after Recent Attack
  • Physician: Efficiency factors into two-factor authentication
  • Why Data Security is Critical with Healthcare Blockchain
  • Regular Data Backups Key in Ransomware Prevention, Response
  • Patient VDT portal authentication: Privacy considerations
  • Cloud HIPAA BAA considerations for healthcare providers
  • How Automation Aids Data Security, Improves Patient Satisfaction
  • Overseeing healthcare mergers from a security perspective
  • Understanding Ransomware and Healthcare Data Security
  • Redspin service combines HIPAA and PCI DSS analyses
  • Why HIPAA Privacy and HIPAA Security Rules are Needed
  • Healthcare Data Breaches Hit Calif. & Ill. Facilities
  • NY Proposes New Data Security Law, Includes Health Info.
  • Utilizing Business Associate Agreements in Breach Prevention
  • Why Healthcare Cloud Management is a Top Industry Concern
  • Current HIPAA Requirements Sufficient, AHA Tells ONC
  • EHR Data Potentially Exposed in Vendor Healthcare Data Breach
  • Health data breaches: Gearing up for the before and after
  • HIPAA BAA, patient data flow strategies for an HIE
  • Walgreens pharmacist patient data breach raises questions
  • Mayo Clinic Says 601 Patient Records Inappropriately Accessed
  • Johns Hopkins privacy breach update: Patient counseling
  • How would national data breach policies affect healthcare?
  • Identity Theft Allegedly Due to Stolen University Records
  • Organizations adding cyber insurance in lieu of data breaches
  • Healthcare BYOD security considerations and concerns
  • Calif. Patients Say HIEs Worsen Patient Data Privacy
  • What rights do healthcare providers have with patient data?
  • Developing continual healthcare data security training
  • HIPAA omnibus spells end to CVS sponsored refill reminders
  • PHI of 13K Involved in Ransomware Attack at PA Health Clinic
  • FDNY privacy notice raises concern for data sale
  • Where do ACOs fit into the HIPAA compliance landscape?
  • Evolution, Not Revolution Coming to Healthcare Data Security
  • Human Error Top Data Security Issue, Says Law Firm Report
  • Hospital Biometric Test Pilot Decisions: IT Security Effects
  • Healthcare Employee Mistakenly Donates CDs with PHI
  • AHA Supports Secure Messaging Modifications in MU Program
  • Geisinger Health Plan PHI Disclosure Affects 2,800
  • Research Data Privacy Regulations Updated in Final Federal Rule
  • Interpreting HIPAA vs. state privacy laws for deceased patients
  • KY Hospital Implements New Medical Device Security Option
  • Data Security, Privacy Key in EHNAC Designation with HITRUST
  • Staying current with healthcare BYOD security risks
  • Managing multi-location health system internal security risks
  • Healthcare Security and Compliance Increases, Says DataMotion
  • Health Data Sharing Bill Passes House in 344-77 Vote
  • Federal Health IT Strategic Plan Focuses on Interoperability
  • Security concerns and benefits of the VistA open source EHR
  • OIG Notes NC Potential Medicaid Data Security Vulnerabilities
  • Understanding HIPAA Compliance, Violation Concerns
  • What Constitutes a HIPAA Violation?
  • Healthcare CIO survey denotes infrastructure security burdens
  • HIPAA Enforcement Takeaways From the OCR, NIST Conference
  • Understanding the NIST Cybersecurity Framework in healthcare
  • Health privacy and security: Winning back patient confidence
  • Utilizing a Secure Healthcare Cloud in Your Organization
  • How to Protect Your Entity from Healthcare Phishing Attacks
  • How to Create a Secure Mobility Strategy
  • Healthcare CISO’s VDI environment impacts security decisions
  • Does HIPAA restrict mental health data reporting?
  • Tampa General Hospital Data Breach Settlement Reached
  • Aligning healthcare management, staff to strengthen security
  • Unity Health Plans notifies 41,437 of missing hard drive
  • US-CERT Updates Cybersecurity Incident Notification Guidelines
  • What Should Entities Expect with OCR HIPAA Enforcement?
  • HITRUST: Shellshock vulnerability more serious than Heartbleed
  • Health IT Security, FHIR Focus of ONC Secure API Server Challenge
  • Cybersecurity hackers target Boston Children’s Hospital
  • What DOJ health data breach settlement means for 2013
  • Managing a health data breach with a response plan
  • EEOC Proposed Rule May Affect Health Data Security
  • New WannaCry Malware Strain Affects FirstHealth Computer Network
  • Alabama DPH sends 500+ patient data breach notices
  • HIPAA checklist
  • IT expert discusses healthcare security challenges, training
  • ONC Privacy and Security Tiger Team presents key issues
  • HIPAA omnibus rule impact on the Breach Notification Rule
  • How VDI, zero clients can lessen healthcare security risks
  • CMS says ACA data hub is secure; Republicans voice doubts
  • Military Health System study analyzes privacy challenges
  • Tiger Team finalizes V/D/T advice, begins DS4P discussion
  • Health Data Security Vital for ‘Most Wired’ Cibola Hospital
  • Hacking Incidents Create Data Breach Security Concerns
  • BYOD Privacy Concerns Push Security Admins Away, Says Report
  • $2.3M OCR Settlement Reached for 21st Century Oncology Data Breach
  • HIPAA Privacy Changes Not in Recent 21st Century Cures Act
  • Memorial Hospital of Lafayette County reports data breach
  • What Happens When a Healthcare Cyber Policy is Broken?
  • Big data implications for health data security, privacy
  • Health Application Vulnerabilities Top IT Executive Concern
  • Creating a Comprehensive Healthcare Risk Management Plan
  • About 40 percent of respondents said they use automated solutions, and 64 percent of those respondents use it for discovering where sensitive or confidential data are located in databases and enterprise applications. Additionally, 22 percent use it to discover data in files and emails and another 51 percent said migration to new mobile platforms is a concern.

    Healthcare perspective

    Some of these apprehensions regarding “finding the data” line up with what healthcare IT experts have told lately. Specially, a critical aspect of conducting a risk analysis is having a strong understanding of where the data is and being able to organize it between structured and unstructured information. Once it’s located and quantified the data, the organization can determine the best ways to secure the information. As referenced above, automation technologies may be a way toward efficiently locating that data.


    SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

    HIPAA Compliance
    Data Breaches

    Our privacy policy

    no, thanks