Data Warehousing

Stolen credentials, privilege misuse and miscellaneous errors were the three biggest causes for health data breaches in 2015, according to the 9th annual Verizon Data Breach Investigations Report released Tuesday.

There are day-to-day blocking and tackling tactics that every healthcare organization should be doing right now to reasonably address the current security threat landscape.

Healthcare analytics company Decision Resources Group is growing its healthcare data trove in a big way, adding claims and electronic health record data for its new Real World Evidence repository, or RWE. DRG touts the fact that RWE, meant to offering its clients better patient insights and help them do longitudinal analytics, covers 90 percent of the U.S. healthcare system The company did not release the cost of the data acquired. Brigham Hyde, senior vice president of analytics and chief data officer at DRG, said the amount of data it now has available for licensing to its clients – all of it de-identified – far surpasses that offered by Truven and other data companies. "We have four times as many patients as Truven has and six times as many claims, and we have EHR detail," Hyde said. IBM announced February 18 it would purchase analytics company Truven, adding a massive repository of data to its Watson Health Cloud. [Also: IBM Watson buying Truven Health Analytics for $2.6 billion] DRG is expanding its expertise to offer its clients more complete and dynamic analyses in the following areas: health economics and outcomes research, epidemiology validation, patient-level forecasting and market sizing, patient-level compliance and real-time network influence. The RWE data asset comes from multiple data providers in the U.S. and includes patient, healthcare professional and payer-level analysis. "As healthcare continues its shift from volume to value, DRG's RWE repository enables academic grade analysis of the cost centers of healthcare in the U.S., as well as the behaviors and outcomes of treatment and coverage decisions," Hyde said. The repository covers 240 million unique U.S. patients with more than five years of historical data, and has 3.2 billion medical and pharmacy claims, enabling closer analysis of cost and outcomes data, according to DRG. Hyde said DRG would leverage its nearly 400 analysts worldwide to provide customers with disease specific insights. For example, the repository has strong coverage of Type 2 diabetes, along with payment details, lab values and clinical progress of patients. DRG also is using the RWE repository to make available custom and interactive analytic dashboards and analytics to enable clients to answer important business questions quickly. In a separate announcement today, DRG said the board of directors appointed Jonathan Sandler CEO. Sandler also serves as DRG chairman of the board.

Kaiser Permanente this week launched a new database that enables researchers to examine participants' DNA in conjunction with environmental and behavioral health.

More than 1,000 patients of the Florida Department of Health Clinics in Palm Beach County could be at risk of identity theft after a recent medical records breach, department officials announced Monday.

It's now easier than ever for criminals to get into hospital networks, and ransomware is on the rise. Cybersecurity experts offer advice to help hospitals beat back the hackers.

With the recent surge in ransomware attacks, cybersecurity is a top priority for healthcare organizations across the nation. But even if providers have top security measures in place, there's another component to consider: the vulnerabilities of third- and fourth-party vendors. Almost three-quarters of businesses said cybersecurity incidents related to vendors are increasing, according to a recent Ponemon Institute survey, requested by BuckleySander and Treliant Risk Advisors. About half of the respondents said their organization experienced a data breach caused by a vendor, but 16 percent of respondents were unsure if a breach had occurred. And another 65 percent said managing cybersecurity incidents involving vendors is difficult. "The type of risk we're seeing now is changing in response to our evolving data-driven economy," Rena Mears, managing director of BuckleySandler, said in a statement. "The risk to strategic data assets extends beyond any single third-party, but rather to the web of relationships that comprise the data ecosystem." [Also: Lack of business associate agreement, risk analysis to cost Minnesota health system $1.55 M in HIPAA fines] More than a third of businesses don't believe their third-party vendors would notify them if a data breach occurred. And a staggering 73 percent of respondents don't believe a fourth-party vendor would contact them regarding a data breach. A fourth-party vendor is often hired by the third-party vendor. Survey respondents admitted their organizations shared sensitive data with third-parties that may have poor security policies in place. More than half said they weren't able to determine the safeguards in place by their vendors to prevent a data breach and 60 percent of respondents said their organizations don’t monitor their vendors’ security and privacy practices. Only 41 percent said their vendors' safeguards were sufficient. "The inability of so many companies to confirm whether third-parties have had a data breach or cyberattack involving sensitive and confidential information should be a wake-up call for businesses across all industries," said Susanna Tisa, chief business officer of Treliant Risk Advisors, in a statement. "To mitigate this risk, companies should compile a comprehensive inventory of and conduct data and privacy risk assessments for all third-party vendors," Tisa added. "However, we found few companies represented in this research, in particular those outside the regulated banking sector, have done so." Twitter: @JessieFDavis Email the writer: jessica.davis@himssmedia.com Like Healthcare IT News on Facebook and LinkedIn

The Samsam and Maktub Locker malicious code programs attack vulnerable patches and spread to all systems connected to a network.  

Now the question is whether cyber criminals could someday emulate that approach to access encrypted patient data.

Leading providers are already thinking about how to transform themselves from data-driven to information-driven organizations, able to offer drastically improved patient experience akin to Amazon and Google. But it's not easy.