Healthcare Industry Challenged by Data Breaches, Compliance

Wednesday, April 15, 2015

Brian Prince


Compliance may be a key focus of the healthcare industry, but that hasn't always translated into secure environments.

In fact, in some cases, compliance efforts appear to be falling short. In a new report from Vormetric focused on healthcare organizations, almost half (48 percent) of the IT decision makers from the U.S. said their organization either failed a compliance audit or experienced a data breach in the last year.

The statistic comes from the 2015 Vormetric Insider Threat report, which is based on a survey of 818 IT decision makers in healthcare organizations around the world, including 102 from the United States. According to Vormetric, 92 percent of the U.S. respondents said their organizations are either somewhat or more vulnerable to insider threats. Forty-nine percent said they felt very or extremely vulnerable.

Some 62 percent of respondents identified privileged users – those who have access to all resources available from systems they manage – as the most dangerous group of insiders. Partners with internal access and contractors ranked second and third, respectively.

The report did not say specifically why so many organizations failed compliance audits. Regardless, the fact that they did indicates organizations are failing at basic data protection, opined Alan Kessler, CEO of Vormetric.

"Compliance requirements evolve slowly, while threats to data undergo rapid change," said Kessler. "Time and again, organizations that were compliant have been breached in the last few years."

Read the rest of this story on 

Firewalls IDS/IDP Network Access Control Network->General SCADA Budgets Enterprise Security Policy Security Awareness Security Training
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.