Despite the aggressive efforts of government regulators, the health care industry's reputation for security hasn't been stellar. Multiple breaches are reported on a weekly basis, and with health care exchanges popping up under the federal Affordable Care Act, the situation could get worse before it gets better.
One way custodians of health care data might be able to better protect patient information is by integrating "big data" security solutions into their systems. That, however, can present health care organizations with even more security challenges.
"When you look at the known number of data breaches in health care, it's staggering," said Stu Sjouwerman, CEO of KnowBe4, a security awareness training company.
Health care organizations have increasingly been targeted by hackers as more and more of their data becomes electronic. Since 2009, hospitals and medical practices have been under the gun by regulators to ditch paper for electronic records by 2015. "There's been pushback that timeframe is too ambitious for providers to properly secure their data," said Joan Walker, a senior consultant with TayganPoint, a management consulting firm.
Not only is more medical information being placed online, but the number of people who have access to that data is also expanding. Consumers can view their medical information online, and medical professionals can use electronic information for sharing and collaboration with each other. "More online sensitive data and more access to that data means more opportunities for hackers," said John Pescatore, director of emerging trends for the SANS Institute.
"Health care has always been attractive to hackers, and it's even more attractive now," added Alan Brill, senior managing director for Kroll Advisory Solutions, a risk management firm.
Part of that attraction stems from a sort of "Perfect Storm" for data predators. "The transient nature of data and the porous nature of the network leads to hackers focusing on health care," said Ed Gaudet, general manager of Imprivata's Cortext products group, maker of authentication systems for medical personnel.
Adding to a health care organization's data security problems are medical devices -- such as MRI and CAT scan machines -- that connect to its networks. "They all connect to the network, all have Internet access and all have vulnerabilities that manufacturers have not been patching, which present a whole new set of security challenges to providers," Pescatore explained.
While health care organizations have always been concerned with preserving the confidentiality of patient records from unauthorized snoops, having that information targeted for financial gain by digital bandits is relatively new to them. "They're in the business to serve and treat patients," explained TayganPoint Senior Consultant Jay Stanell. "If they have a choice between spending their money on an imaging machine that saves lives and multiple tiers of security, that's not an easy decision for them."