Healthcare Information Security

Cybersecurity News

Why Healthcare Must Invest in Data Security Measures

With a recent survey showing that organizations might not be making proper data security investments, healthcare must ensure it protects PHI.

Data security must be top IT investment for healthcare organizations

Source: Thinkstock

By Elizabeth Snell

Healthcare cybersecurity threats continue to evolve, and with cases of ransomware infiltrating provider networks, patient data security and patient safety could both be put at risk.

Healthcare organizations must ensure that they are making strong data security investments, and are continuously working to keep their networks, connected devices, and all potential endpoints secure. A data breach or malware attack could be detrimental to both the healthcare entity and its patients or consumers.

A recent survey though indicates that companies are prioritizing network and endpoint solutions over encryption. While a necessary thing to secure, data encryption options should not be overlooked.

The 2017 Thales Data Threat Report found that 73 percent of organizations in numerous industries increased IT security spending for 2017. This is an increase from the reported 58 percent doing so in 2016.

The survey interviewed 1,100 senior IT security executives in several industries, including but not limited to education, engineering, healthcare, and the federal government.

Compliance was found to be the top driver for IT spending, according to the report. Specifically, 44 percent of respondents said meeting compliance requirements was their top spending priority. Best practices were the key factor for 38 percent of respondents, with 36 percent saying protecting their reputation or brand was the top IT spending driver.

Forty-four percent of respondents in all industries said that cyber criminals were the top threat, followed by hacktivists (17 percent).

Researchers noted that as more organizations utilize new technologies for data storage, transfer, and processing, traditional perimeter-based security controls, legacy network, and endpoint protection solutions are becoming increasingly less relevant.

"Enterprises today must inevitably confront an increasingly complicated threat landscape. Our world, which now includes the cloud, big data, the IoT and Docker, calls for robust IT security strategies that protect data in all its forms, at rest, in motion and in use,” Thales e-Security VP of Strategy Peter Galvin said in a statement. “Businesses need to invest in privacy-by-design defense mechanisms – such as encryption – to protect valuable data and intellectual property and view security as a business enabler that facilitates digital initiatives and builds trust between partners and customers."

Data encryption can be especially beneficial in the healthcare industry, making it more difficult for unauthorized parties to access sensitive data, such as patient PHI.

Healthcare entities should consider data encryption if it is determined to be necessary to keep data secure through it normal operations. As explained by the National Institute for Standards and Technology (NIST), organizations should implement solutions that use existing system features, such as operating system features.

IT spending has been listed as a top priority of healthcare executives in previous reports, which bodes well for the industry being able to keep PHI secure.

An October 2016 survey from Harvey Nash and KPMG found that 52 percent of interviewed healthcare CIOs said they would be seeing IT budget increases in the next year.

Furthermore, 45 percent of CIOs in all surveyed industries said they expected IT budget increases and 33 percent reported they expect to see unchanged budgets.

The majority of healthcare executives – 80 percent – added that they see a growing strategic role in their organization. However, only half of those surveyed said they have a "clear digital business vision and strategy."

New regulatory changes and evolving business models are forcing healthcare organizations to change their way of thinking about leveraging technology, according to KPMG LLP Healthcare Technology Leader Vince Vickers.

"Some of these changes can remove costs through automation and provide greater insight into their business from data & analytic tools,” Vickers said in a statement. “All of this is putting more pressure on CIOs to quickly and effectively sort through the best new technologies and implement them to engage patients and deliver greater efficiency. So the CIO's role is becoming much more creative, strategic and a key to transformation in healthcare."


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks