Rhetorical Question: Is My Healthcare Data Safe?
When I think of healthcare, I think of many different things: getting better from a cold or flu, receiving reassurance that I have no serious ailments, or possibly getting relief from allergies. I also think about cost, as a family of four will have numerous uncovered expenses. What I don’t want to know or fear is that my personal information (or that of my family) is not protected to the best extent possible.
However, what I want is not what I always get. My health information was or could have been comprised three times since the records of my providers were breached. Of course, there were the assurances that every step possible was taken to remediate the situation and so far, there has been no noticeable misuse of my data. However, the operative part of that sentence is “so far.” It is possible that false claims, unauthorized credit, false tax returns, or unauthorized purchases under my name will occur. Then the real fun begins!
That is the personal perspective. Professionally, when I think of healthcare data, I think of a byzantine landscape of regulations for data handling. I also note that three of the top five data breaches of 2015 involved healthcare organizations, as reported by CRN. Drawing from research conducted with Informatica, Scale Venture Partners, and Ponemon Institute, it’s clear that healthcare organizations (as well as other industries) struggle with the fundamental issues of data security.
These issues of data security are about intelligence on sensitive and private data: where is it; who is using/accessing it; where is it proliferating (i.e., where is it created and where is it being shared); and what is its value, its location, and other factors that create a profile of “sensitive data risk.” It is not that healthcare organizations have no idea at all about their sensitive data, but the details that are fundamental to security and privacy are lacking.
How did this happen? That is, how have organizations lost track of their most precious assets: sensitive and private data? One byte at a time is the answer, but the bytes are multiplying like a virus. Driven by new self-service applications, mobile users, cloud, analytics, and regulations, healthcare organizations have experienced an explosion of data growth and propagation.
Unfortunately, security practices and technologies have not kept up; you can see evidence of this at the yearly RSA Conference, where the latest innovations and trends for information security take center stage. The solutions and sessions have been updated and progressed from previous years, but the focus remains the same: keep the bad guys out and detect if the bad guys get in. Given the dismal track record of data breaches last year, the bad guys are getting in, undetected. Thank goodness the network protections are in place because we would have unmitigated chaos if they weren’t slowing the hordes of attackers.
Clearly something more is needed, and a data perimeter driven by actionable intelligence is the answer. Arm those with responsibility for data protection, meeting industry guidelines and privacy regulations, with the knowledge to understand what they are trying to protect and secure.
This is the role of data security intelligence, which provides executives with strategic abstracts of an organization’s sensitive data landscape and actionable drill downs for practitioners. With data security intelligence, healthcare organizations (and other industries) can create the additional “data perimeter” that is necessary in this era of data proliferation, growth, and persistent attacks. Data and security teams can join forces to ensure that the sprawling data so necessary for competitive advantage is safeguarded in a manner that meets corporate, government and, most importantly from my perspective, consumer needs.