Avoidance of financial penalties remains a top driver for US healthcare security spend
Thales has announced the results of its 2018 Thales Data Threat Report, Healthcare Edition, revealing only 30% of global healthcare organisations have remain untouched by a data breach. Up to 39% of these organisations have been breached in the last year alone, while the majority of respondents (70%) reported being breached in the past – a 17% rise from 2016.
Issued in conjunction with analyst firm 451 research, the findings also highlight the negative impact cyber criminals are having, with over half (55%) feeling ‘very’ or ‘extremely’ vulnerable to data breaches.
Digital transformation: Enabling better healthcare, but creating risks
In an effort to provide more efficient services – and with an eye towards cutting costs – the healthcare industry has more recently been turning its attention towards embracing digitally transformative technologies, including cloud, big data, Internet of Things and containers. These technologies allow organisations to better create and manage data, as well as store critical information more efficiently.
Almost all (93%) of global respondents reported using these technologies with sensitive data. With each new technology comes unique data security challenges that must be addressed, as they increase the attack surface available. Among some of the more notable findings from this year’s report:
- All (100%) global respondents surveyed are leveraging cloud technologies, with 54% using three or more cloud vendors for infrastructure (IaaS) as opposed to having it onsite
- One-third (33%) of global respondents are using more than 50 cloud-based software applications (SaaS); and 54% are using three or more cloud-based platform (PaaS) environments
- Almost all (99%) of global respondents are using big data; 94% are working on or using mobile payments, and 94% have a blockchain project implemented or are in the process of implementing one
- 96% are leveraging IoT technologies, which may include internet-connected heart-rate monitors, implantable defibrillators and insulin pumps
Consequently, these organisations have emerged as a prime target for hackers, putting valuable medical data at risk. While a stolen credit card has a time-limited value, PHI and electronic medical records (EMR) are packed with immutable data that can, and do, fetch hundreds of dollars per stolen record on illegal online markets.
- Flex partners with Google, launches BrightInsight
- Microsoft releases new health solutions utilising cloud tech
- MEDITECH launches new EHR platform to empower healthcare organisations
Compliance playing larger role in influencing global healthcare security attitudes
Past global healthcare reports have shown the US to place more of an emphasis on compliance, compared to its global counterparts. This is primarily driven by a privately focused healthcare system, which contends with a complex web of regulations and standards. The effectiveness of a compliance-based strategy is debatable: 77% of US healthcare respondents reported at least one breach at some time in the past, making it the most breached among all US verticals polled in this year’s report. Despite the US’ struggles, 64% of global healthcare respondents still believe compliance requirements are ‘very’ or ‘extremely’ effective at preventing data breaches, with compliance ranking first among global healthcare respondents as a driver of security spending (51%), higher than any other sector and higher than the US. (44%).
Encryption viewed as critical – but does spending reflect this?
While 83% of global healthcare respondents plan to increase spending on security (a number that is above the global average), only 40% of global respondents are increasing spending for data-at-rest security tools. This stance is puzzling, when reflecting on other findings from the report.
For example, the looming deadline for the General Data Protection Regulation (GDPR) means data sovereignty is top of mind for most international companies. Globally, encryption is the top choice for complying with privacy regulations (36%). Unlike their US counterparts, who ranked data-at-rest defences second-to-last in terms of effectiveness, 76% of global healthcare respondents also ranked data-at-rest defences (such as encryption or tokenisation) as the number one tool for protecting data (tied with data-in-motion defences).
“When it comes to data security, the global healthcare industry is increasingly under duress, which is why some of this year’s findings are so counterintuitive,” explained Peter Galvin, Chief Strategy Officer at Thales e-Security.
“For example, 63% of global respondents are investing money in endpoint security, even though it offers little help in protecting data once perimeters have been breached. Data security spending needs to match healthcare’s reality – which is that of an industry embracing digitally transformative technologies – in the form of investments in encryption solutions offering protection to known and unknown sensitive data that has moved beyond the traditional four walls of the healthcare environment.”
Jvion launches AI-powered map to tackle mental health crisis
Clinical AI company Jvion has launched an interactive map of the US that highlights areas that are most vulnerable to poor mental health.
The Behavioral Health Vulnerability Map uses Jvion's AI CORE™ software to analyse public data on social determinants of health (SDOH) and determine the vulnerability of every US Census block group.
Vulnerability refers to the likelihood that residents will experience issues like self-harm, suicide attempts or overdoses. The map also identifies the most influential social determinants in each region, to show the social and environmental conditions that contribute to mental illness.
As an example, the map shows that Harrison County in Mississippi has a 50% higher suicide rate than the rest of the state. It also shows a high percentage of individuals in the armed forces at a time when active duty suicides are at a six-year high, along with a high prevalence of coronary artery disease, arthritis, and COPD, all chronic illnesses that are linked to a higher suicide risk.
The map also shows Harrison County has a high percentage of Vietnamese Americans, who studies suggest have high rates of depression and may be less likely to seek help from mental health professionals.
The map was built using the same data and analytics that Jvion used to create the COVID Community Vulnerability Map, which was launched towards the start of the pandemic.
With this new map, Jvion is aiming to tackle the growing mental health crisis in the US. “At a time when so many Americans are struggling with their mental health, we’re proud to offer a tool that can help direct treatment resources to the communities that need it most,” said Dr John Showalter, MD, Jvion’s chief product officer, who led the development of the map.
“For too long, the healthcare industry has struggled to address social determinants of health, particularly in the context of behavioural health. Our hope is that by surfacing the social and environmental vulnerabilities of America’s communities, we can better coordinate our response to the underlying conditions that impact the health and wellbeing of people everywhere.”