Healthcare IT Security Worse Than Retail

Healthcare organizations are rife with insecurity, and it’s only a question of when a Target-like attack puts millions of patient health information (PHI) files on the black market, a new study suggests.

According to Information Week, a large-scale attack within the healthcare industry could put patients’ safety and lives at stake, cautioned Stephen Boyer, CTO of security rating firm BitSight Technology, in an interview. Despite increasing awareness about these risks, healthcare organizations are far behind their peers in other vertical markets, Boyer said, citing a BitSight study titled Will Healthcare Be the Next Retail?, released May 28.

Of four industries the study analyzed, healthcare saw the largest surge in attacks and was slowest to respond, taking more than five days to remediate security issues. By comparison, finance took about 3.5 days, and retail and utilities combatted issues within approximately four days. Some healthcare organizations led the market, using best practices and adequate resources, but as a sector, healthcare is weaker than others.

iHLS – Israel Homeland Security

According to Boyer, however, that may be improving. “I don’t know of a major breach of healthcare records, but stay tuned. I know that certainly there’s worry about privacy. I see more transparency going into the process and I think that’s going to put the right incentives in place,” he said. “The Target breach was just a watershed moment in the industry. It’s changing conversations everywhere we go.”

Unlike finance firms, which have secured money since their earliest days, healthcare organizations are typically comparatively new to the world of data protection. Their mission is to deliver care, not safeguard bytes of data, Boyer explained, so awareness, understanding of the full range of insecurities, and resources are not available across the industry.

If a big breach occurs within healthcare, Boyer warned, patients could react by switching providers or insurers, or being less forthcoming with physicians — even to the detriment of their health.