Home » Compliance » Risky Medicine: A Poor Prognosis for Health Care Security
health care security

Risky Medicine: A Poor Prognosis for Health Care Security

In the health care industry, IT solutions are moving at a breakneck pace with an aim towards integrated electronic health records, interactive patient portals, mobile engagement and more. It’s a direction that many feel is necessary to bring health care up into this millennium and improve the quality of care. However, it’s a major cause for concern for data privacy and health care security.

Health care organizations are among the most common targets for malicious cyber attacks. The kinds of personal health information these companies maintain fetch a substantial price on the black market. And, compared to the financial services sector, health care is seen as an easy target for identity thieves. With heavy fines for data breaches — in addition to serious reputation damage and recovery costs — health care companies face catastrophic losses if they don’t shore up their security.

Yet a gap remains between what’s necessary to safeguard information and what’s actually being done. And health care organizations’ progress in cyber security remains a point of contention. According to a MedData survey of 272 health care professionals, doctors rated their clinics’ cyber security measures ‘below average’ (22%) more often than administrators and IT staff (8%). Doctors were most likely to cite electronic health records as the area of greatest vulnerability (51%), followed by mobile communication devices (46%) and patient portals (32%). Nearly 75% of administrators and IT staff claimed that email and messaging systems are most vulnerable.

The survey did find some agreement between doctors and administrative/IT staff. Namely, a majority of respondents from both groups (68%) identified malicious hackers as the most pressing threat. Additionally, most respondents (83%) pointed to regulatory compliance as the prominent driver of change toward more effective security systems.

Strict compliance with HIPAA and HITECH standards are absolute necessities for protecting personal health information, and it’s a strong foundation for building a truly effective cyber security approach. However, cyber security is far from being the only operational challenge for health care organizations. This is where a trusted HIPAA and health care security partner can help. Lunarline offers complete support for HIPAA/HITECH compliance as part of a comprehensive suite of health care security services.

To learn more about these capabilities and Lunarline’s three-pronged approach to cyber security, visit Lunarline.com or contact us today.

About Spence Witten

Spence has somehow survived ten years at start-ups and small businesses without suffering a (major) nervous breakdown. As Lunarline's Director of Federal Sales, Spence actually loves working on proposals. If there were any doubt, this is proof that he is in fact certifiably insane. While his title says "Sales" Lunarline doesn't let him off that easy. We make him do real work, too. Luckily he's a recognized subject matter expert in security policy and loves helping clients navigate their way around tricky security compliance standards. He's also been known to lead a software development initiative or two, though that pretty much always ends poorly for everyone involved. He can be reached at spence.witten@lunarline.com.