How to protect patient data that’s being shared widely
Healthcare is a prime target for data breaches, and providers and life science firms will likely face more security risks as they increasingly interact directly with each other in the healthcare ecosystem.
According to Accenture, a healthcare data breach has affected one in every four Americans, and threats don’t appear to be slowing down. Security firm Symantec warns of a new hacker ring targeting large healthcare organizations in the U.S and elsewhere.
Healthcare is a prime target for cyber thieves because records are highly valuable. The Poneman Institute states that a healthcare record—including name, birthdate and Social Security number—can net $50 on the black market vs. $3 for credit card information, because of the health record’s ability to be used for a longer time before detection.
Also, many healthcare enterprises are easier targets—they increase their vulnerability by rely on aging IT architecture, outdated software and ever-increasing endpoints and data sharing.
The data security threat will increase exponentially as the industry embraces the use of real-world evidence, which works by gathering data from new and disbursed sources and sharing that information throughout the healthcare ecosystem, including providers and payers. In the traditional clinical trial model, data is highly controlled and only shared among well-vetted traditional partners and the FDA.
A 2017 KPMG survey states that sharing data with third parties is one of the biggest vulnerabilities healthcare organizations face. As more data is shared between providers, payers and even consumers to gather key RWE, life sciences organizations will face new security challenges.
Data sharing expands the attack surface for hackers—the traditional “network” becomes dispersed and often sits outside the organization’s four walls, rendering the “bigger wall” strategy for protecting information ineffective. Now, not only will employees be “phished,” but so will those workers from all the organizations that interact with healthcare organizations. This increases the chances for an inadvertent or even intentional insider breach. To combat that, the data needs to be secured in the database, not just at the network level.
Organizations throughout healthcare will be better protected if data security includes:
Data security is a big challenge. A KPMG survey found that the good news is providers say they’re better protected than they were until recently, although much more needs to be done. Cybersecurity Ventures predicts that providers are also spending on security, exceeding $65 billion in total from 2017 to 2021. It will be critical for that investment to be focused on data-level security.