|By Business Wire||
|February 19, 2014 01:00 PM EST||
Results of the 2013 HIMSS Security Survey show that, despite progress toward hardened security and use of analytics, more work must be done to mitigate insider threat, such as the inappropriate access of data by employees. Although federal initiatives such as OCR audits, Meaningful Use and the HIPAA Omnibus Rule continue to encourage healthcare organizations to increase the budgets and resources dedicated to securing patient health data, in the previous twelve months, 19 percent of respondents reported a security breach and 12 percent of organizations have had at least one known case of medical identity theft reported by a patient.
The 2013 HIMSS Security Survey, supported by the Medical Group Management Association and underwritten by Experian® Data Breach Resolution, profiles the data security experiences of 283 information technology (IT) and security professionals employed by U.S. hospitals and physician practices. The data from respondents suggests that the greatest perceived “threat motivator” is that of healthcare workers potentially snooping into the electronic health information of friends, neighbors, spouses or co-workers (i.e., inappropriate data access).
Recognizing inappropriate data access by insiders as an area for which organizations are at risk of a security breach, there has been increased use of several key technologies related to employee access to patient data, including user access control and audit logs of each access to patient health records. On a related note, although more than half of the survey’s respondents (51 percent) have increased their security budgets in the past year, 49 percent of these organizations are still spending 3 percent or less of their overall IT budget on security initiatives that will secure patient data.
“Our collaboration with HIMSS for the sixth annual security survey has provided insight into the current state of security within provider organizations,” said Michael Bruemmer, Vice President for Experian® Data Breach Resolution. “Though progress is noticeable, it is critical that healthcare organizations put in place a comprehensive plan that addresses potential security threats – whether internal or external – to prevent electronic health data breaches and minimize the impact of a breach should one occur.”
Other key findings from the survey include the following:
- 92 percent of organizations conduct a formal risk analysis.
- 54 percent of organizations report having a tested data breach response plan; 63 percent of these organizations test their plan annually.
- 93 percent of organizations indicate their organization is collecting and analyzing data from audit logs.
- Healthcare organizations are using multiple means of controlling employee access to patient information; 67 percent of survey respondents use at least two mechanisms, such as user-based and role-based controls, for controlling access to data.
The survey also pinpoints shortcomings within the healthcare industry. Barriers to improving an organization’s security posture included budget, dedicated leadership and the following:
- Organizations reported an average score of 4.35 regarding the maturity of the security environment (where 1 is not at all mature and 7 is highly mature).
- Nearly half (49 percent) of the survey’s responding organizations are still spending 3 percent or less of their overall IT budget on security initiatives that will secure patient data.
- 52 percent of the hospital-based respondents reported that they had a CSO, CISO or other full-time leader in charge of security of patient data.
“Healthcare organizations are increasingly deploying technologies to increase data security, but continued analysis is crucial in ensuring the proactive prevention of data breaches within hospitals and physician practices. Without these anticipatory measures, security of patient data will remain a core challenge within our nation’s healthcare organizations,” said Lisa A. Gallagher, BSEE, CISM, CPHIMS, FHIMSS Vice President, Technology Solutions, HIMSS.
For more information on the survey results and on innovation:
- Read the complete report on the 2013 HIMSS Security Survey, collaborative research from HIMSS and Experian.
- Download the survey infographic for a visual summary of the results.
HIMSS is a global, cause-based, not-for-profit organization focused on better health through information technology (IT). HIMSS leads efforts to optimize health engagements and care outcomes using information technology.
HIMSS is a cause-based, global enterprise producing health IT thought leadership, education, events, market research and media services around the world. Founded in 1961, HIMSS encompasses more than 52,000 individuals, of which more than two-thirds work in healthcare provider, governmental and not-for-profit organizations across the globe, plus over 600 corporations and 250 not-for-profit partner organizations, that share this cause. HIMSS, headquartered in Chicago, serves the global health IT community with additional offices in the United States, Europe, and Asia.
About Experian® Data Breach Resolution
Experian® Data Breach Resolution, powered by the nation’s largest credit bureau, is a leader in helping businesses plan for and mitigate consumer risk following data breach incidents. With more than a decade of experience, Experian® Data Breach Resolution has successfully serviced some of the largest and highest-profile breaches in history. The group offers swift and effective incident management, notification, call center support and reporting services while serving millions of affected consumers with proven credit and identity protection products. In 2013, Experian® Data Breach Resolution received the Customer Service Team of the Year award from the American Business Awards. Experian® Data Breach Resolution is active with the International Association of Privacy Professionals, the Health Care Compliance Association, the American Health Lawyers Association, the Ponemon Institute RIM Council and InfraGard and is a founding member of the Medical Identity Fraud Alliance. For more information, visit www.experian.com/databreach and follow us on Twitter @Experian_DBR.
Deep learning has been very successful in social sciences and specially areas where there is a lot of data. Trading is another field that can be viewed as social science with a lot of data. With the advent of Deep Learning and Big Data technologies for efficient computation, we are finally able to use the same methods in investment management as we would in face recognition or in making chat-bots. In his session at 20th Cloud Expo, Gaurav Chakravorty, co-founder and Head of Strategy Development ...
Mar. 24, 2017 10:15 AM EDT Reads: 3,217
What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, will discuss the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information,
Mar. 24, 2017 10:00 AM EDT Reads: 113
Virtualization over the past years has become a key strategy for IT to acquire multi-tenancy, increase utilization, develop elasticity and improve security. And virtual machines (VMs) are quickly becoming a main vehicle for developing and deploying applications. The introduction of containers seems to be bringing another and perhaps overlapped solution for achieving the same above-mentioned benefits. Are a container and a virtual machine fundamentally the same or different? And how? Is one techn...
Mar. 24, 2017 09:45 AM EDT Reads: 2,711
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
Mar. 24, 2017 09:45 AM EDT Reads: 2,638
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
Mar. 24, 2017 09:30 AM EDT Reads: 160
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
Mar. 24, 2017 09:15 AM EDT Reads: 1,544
Now that the world has connected “things,” we need to build these devices as truly intelligent in order to create instantaneous and precise results. This means you have to do as much of the processing at the point of entry as you can: at the edge. The killer use cases for IoT are becoming manifest through AI engines on edge devices. An autonomous car has this dual edge/cloud analytics model, producing precise, real-time results. In his session at @ThingsExpo, John Crupi, Vice President and Eng...
Mar. 24, 2017 08:45 AM EDT Reads: 3,599
What if you could build a web application that could support true web-scale traffic without having to ever provision or manage a single server? Sounds magical, and it is! In his session at 20th Cloud Expo, Chris Munns, Senior Developer Advocate for Serverless Applications at Amazon Web Services, will show how to build a serverless website that scales automatically using services like AWS Lambda, Amazon API Gateway, and Amazon S3. We will review several frameworks that can help you build serverle...
Mar. 24, 2017 08:45 AM EDT Reads: 1,463
In the enterprise today, connected IoT devices are everywhere – both inside and outside corporate environments. The need to identify, manage, control and secure a quickly growing web of connections and outside devices is making the already challenging task of security even more important, and onerous. In his session at @ThingsExpo, Rich Boyer, CISO and Chief Architect for Security at NTT i3, will discuss new ways of thinking and the approaches needed to address the emerging challenges of securit...
Mar. 24, 2017 08:30 AM EDT Reads: 4,199
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, will posit that disruption is inevitable for c...
Mar. 24, 2017 08:30 AM EDT Reads: 1,846
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
Mar. 24, 2017 08:15 AM EDT Reads: 825
There are 66 million network cameras capturing terabytes of data. How did factories in Japan improve physical security at the facilities and improve employee productivity? Edge Computing reduces possible kilobytes of data collected per second to only a few kilobytes of data transmitted to the public cloud every day. Data is aggregated and analyzed close to sensors so only intelligent results need to be transmitted to the cloud. Non-essential data is recycled to optimize storage.
Mar. 24, 2017 08:15 AM EDT Reads: 2,831
In his General Session at 16th Cloud Expo, David Shacochis, host of The Hybrid IT Files podcast and Vice President at CenturyLink, investigated three key trends of the “gigabit economy" though the story of a Fortune 500 communications company in transformation. Narrating how multi-modal hybrid IT, service automation, and agile delivery all intersect, he will cover the role of storytelling and empathy in achieving strategic alignment between the enterprise and its information technology.
Mar. 24, 2017 08:00 AM EDT Reads: 7,273
"I think that everyone recognizes that for IoT to really realize its full potential and value that it is about creating ecosystems and marketplaces and that no single vendor is able to support what is required," explained Esmeralda Swartz, VP, Marketing Enterprise and Cloud at Ericsson, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Mar. 24, 2017 08:00 AM EDT Reads: 3,857
As businesses adopt functionalities in cloud computing, it’s imperative that IT operations consistently ensure cloud systems work correctly – all of the time, and to their best capabilities. In his session at @BigDataExpo, Bernd Harzog, CEO and founder of OpsDataStore, will present an industry answer to the common question, “Are you running IT operations as efficiently and as cost effectively as you need to?” He will expound on the industry issues he frequently came up against as an analyst, and...
Mar. 24, 2017 08:00 AM EDT Reads: 3,946