Privacy & Security
Sponsored: Report Reveals Only 30 percent of Healthcare IT Teams are Restricting Insecure Cloud Fil…
Given the increase in threats and vulnerabilities introduced to the market on a daily basis, the process of moving protected healthcare data securely is critical to the role of IT teams in healthcare organizations. Considering the demands that IT teams must meet in order to comply with data privacy laws and industry regulations such as HIPAA, IT professionals are in a continuous battle for file and data security.
In this recently published report by Ipswitch, over 500 IT professionals around the globe were surveyed about their use of data and file transfer solutions and policies in place at their organizations. The global findings show that while 82 percent of healthcare IT professionals believe securely transferring and sharing of files is very important, only 30 percent have policies that restrict insecure cloud file sharing services.
In the US, 38 percent of healthcare IT respondents stated they use cloud file sharing services but only 40 percent have policies in place that restrict its use. The results were even more surprising in Europe as only 20 percent of IT organizations stated they have policies in place. This is a significant concern as sensitive information such as patient records and medical data are outside IT control and vulnerable to data loss and breach. While IT teams are aware of the issue, employees are continuously circumventing IT approved solutions by using these insecure services placing the organization and its data at risk.
The report reveals that while external threats to data loss are still prevalent, internal threats represented the most common cause of data loss. In the US, 72 percent of respondents shared that human and processing errors are to blame – significantly outweighing external attacks and breaches. Meanwhile, 21 percent of IT professionals said they may have experienced a data breach or suffered data loss but are not sure.
Identifying and mitigating risks is critical to protecting data. However, the report shows that more than a third (38 percent) of IT professionals said their processes to identify and mitigate file transfer risk are not efficient.
“The survey findings point to an obvious disconnect between IT and organization leadership when it comes to file transfer security,” said Paul Castiglione, Senior Product Marketing Manager at Ipswitch. “IT teams need to voice this as a priority for 2016 to ensure the company has granular access control, automated policy governance, and protection of data in transit and at rest. By implementing a MFT solution and enforcing strict policies, IT teams can make sure sensitive company data is safe and secure, without hassle.”
To learn more, check out the 2016 State of Data Security and Compliance blog by Ipswitch. Get your FREE copy and learn how leading edge healthcare IT teams are meeting data security challenges.
The National Association for Trusted Exchange and CommonWell Health Alliance are teaming up to keep momentum on interoperability, with each becoming a member of the other's organization. Members of the two groups will begin working together immediately.
UMMC CHIO John Showalter, MD, describes what associative data lakes, honest brokers and more mean to becoming a learning health system.
The American Dental Association unwittingly sent malware-infected USB thumb drives to dental offices nationwide, the ADA confirmed today.
A bill to establish the Office of the Chief Information Security Officer within the U.S Department of Health and Human Services was introduced in the House of Representatives this week.
On April 26, Energy and Commerce Committee Members Rep. Doris Matsui, D-California, and Rep. Billy Long, R-Missouri, introduced the HHS Data Protection Act to elevate the HHS CISO from its current position under the HHS' chief information officer.
"The integration of information technology into nearly every aspect of our daily lives means our security landscape has changed dramatically," said Matsui said in a statement. "As the network of cybercriminals becomes increasingly sophisticated, our operational structures and strategies must evolve accordingly."
The bill builds on the Obama Administration's Cybersecurity National Action Plan, which emphasizes the need for a CSIO to improve cybersecurity. In response to the plan, the Administration created a Federal Chief Information Security Officer position to exclusively focus on Federal cybersecurity operations.
The legislation is in part a response to the committee's August 2015 report on the FDA's information security that found "pervasive and persistent deficiencies across HHS and its operating divisions' information security programs" after its internal network was breached.
"It's impossible to completely eradicate the threat of cyber-attacks, but the American people deserve to know their sensitive information is being safeguarded with the utmost security," said Long, in a statement.
"In light of recent data breaches across America's federal agencies, we have the responsibility to root out vulnerabilities and maximize data protection to give them that peace of mind," he said.
A legal expert discusses the Office for Civil Rights' outreach to the healthcare and technology industries on the subject of where and how HIPAA does and does not apply in the growing arena of mHealth.
Stolen credentials, privilege misuse and miscellaneous errors were the three biggest causes for health data breaches in 2015, according to the 9th annual Verizon Data Breach Investigations Report released Tuesday.
There are day-to-day blocking and tackling tactics that every healthcare organization should be doing right now to reasonably address the current security threat landscape.
NewYork-Presbyterian Hospital to pay $2.2 million for 'egregious disclosure' of PHI in HIPAA violat…
NYP's actions while filming the TV show 'NY Med' blatantly violated HIPAA rules, said Jocelyn Samuels of the Office for Civil Rights.
Divurgent, Sensato unveil new Medical Device Cybersecurity Task Force with VMware, Renovo among mem…
The new group consists of tech vendors and device manufacturers working to create sets of security best practices for both providers and manufacturers.