Security professionals responsible for keeping healthcare companies secure from data breaches are going to have a busy year, according to the credit-scoring firm Experian.
The healthcare industry, Experian warns, is particularly vulnerable because of the “growing number of access points” to protected personal health information through the increased use of electronic health records and fast-proliferating streams of consumer-generated health data.
And healthcare organizations will be increasingly at risk because of broader technology trends playing out in the sector—access to data through the cloud and connected devices.
Part of healthcare's particular vulnerability comes from related sensitive data. For example, a patient's Medicare card also includes Social Security numbers. Experian says healthcare organizations are often understaffed relative to the magnitude of data they handle.
An Experian survey published in September 2014 warned that healthcare companies are particularly appealing and vulnerable targets for hackers and other malefactors.
According to HHS' Office for Civil Rights, 2014 has seen 141 reported data breaches covering roughly 8.9 million patient records. Healthcare accounted for 42% of serious data breaches, according to Experian, and the firm expects the number to grow further in 2015.
And the survey warns that companies of all stripes (healthcare and pharmaceutical firms compose 13% of the respondents) are not ready to deal with the aftermath of a data breach. Only about a quarter of respondents said they had an insurance policy covering data breaches, and just under half said their organization has invested in technologies to reveal and respond to breaches.
Most respondents said that updates to their data breach response plan were infrequent: 41% said there was no set time period for reviewing and updating the plan, and 37% said their organizations had not updated the plan since it was put in place.
Follow Darius Tahir on Twitter: @dariustahir