One in five healthcare professionals has experienced breaches of patient data, yet many also say they’re “very confident” in their facility’s ability to protect that data against theft, according to a survey by University of Phoenix College of Health Professions.
Despite increased data breaches in all industries, only a quarter of registered nurses (RNs) have seen changes in the way their companies handle data security over the past year.
The data also reveals a worrying disconnect between healthcare professionals’ confidence in protecting sensitive patient data and the actual protection of that data.
Some 48% of RNs and 57 percent of administrative staff say they are “very confident” their institution can safeguard patient records against potential data theft. At the same time, only 25 percent of RNs and 40 percent of administrative staff cited data security & privacy improvements over the past year.
The University acknowledges that the healthcare industry is “one of the highest targeted by cybercriminals, due to its heavy reliance on technology and vast amount of available patient data.”
Research by Cryptonite NXT supports this claim. According to the company’s Health Care Cyber Research Report for 2017, stolen medical records make for a terrific extortion tool.
One example is the London Bridge Plastic Surgery data breach three months ago, when The Dark Overlord cybercriminal group hacked the high-profile clinic and stole graphic images of celebrities undergoing plastic surgery. The purpose behind the breach was believed to be extortion. No reports confirm this theory, but it’s possible the group got what they were after and kept a lid on it.
Dennis Bonilla, executive dean for the College of Information Systems and Technology at University of Phoenix, believes healthcare providers (HCPs) are “extremely susceptible to human error.”
“If one employee accidently invites malicious malware into a system, the impact can be catastrophic. To limit the amount of breaches, cybersecurity governance must improve,” Bonilla said.
Again, the University’s findings can be easily supported with real-life examples. The WannaCry ransomware attack in May 2017 revealed just how easily malware could move laterally in a computer network.
As avid readers know, the UK’s National Health Service lost hundreds of thousands of patient records in the attack, which leveraged unpatched Windows computers. Patients with life-threatening conditions had to be put on hold, and the financial consequences to NHS were devastating.
On a positive note, nurses and staff administrators agree that additional support and training is needed for healthcare privacy and security. The survey also found that HCPs are taking some steps to better protect patient data, such as updated privacy and access policies, role-based access to sensitive information, and enhanced data surveillance.