Guest post by Cortney Thompson, CTO, Green House Data.
As more healthcare providers modernize their IT with cloud solutions and mobile devices, the opportunity for breaches increases dramatically. Hardly a week goes by without a major hospital or practice announcing a data breach. Breach reporting is costly, time-consuming and harmful to the reputation of otherwise legitimate practices. But is it really unsecured data, hackers or doctors sharing information that is causing breaches?
A quick analysis of the public data released by the Department of Health and Human Resources (HHS) reveals that from the first reported breaches in 2009 through early 2013, there were 572 breaches involving 500 or more patients (the threshold for reporting). Of these breaches, only about 10 percent came from hacking/IT incidents or improper disposal, while over half—51 percent—were a result of theft.
When you combine these details with the location of the breach, the picture becomes even more clear: 44 percent of the breaches are from laptops, 13.5 percent are from a computer, 13.1 percent are from portable devices and 10.5 percent are from network servers. That means a whopping 81 percent of breaches are from computing devices, and 57 percent are from mobile devices alone.
The security priority is apparent. Mobile devices cause the majority of PHI breaches and must be secured. While they aren’t foolproof and breaches can still occur, there are a variety of methods to control access to data on laptops, tablets, and smart phones on today’s market, as well as ways to wipe the device and track it.