The same reasons the industry remains vulnerable to fraud, waste and abuse may very well be the reasons why the industry has also become attractive to the Cybercriminals, says SANS
The growing presence of online personal information and new methods of accessing and transferring medical data are increasingly putting sensitive protected data at risk, according to the health care cybersecurity survey by SANS.
Of the 224 qualified health care cybersecurity workers who completed this year's survey, 42% are most concerned about the risks to personal health records, 36% with patient portals and 21% with consumer-facing mobile apps, says SANS.
These concerns highlight a growing awareness of risk to patient data across platforms, says Barbara Filkins, the SANS analyst and health care security and compliance expert. "There appear to have actually been small gains fostered by better awareness of the threats out there," she says.
Compared to last year's survey results, twice as many respondents (24%) in this year's survey feel adequate in their ability to counter threats. Most encouragingly, 70% rated application and database security controls as effective or very effective. These are key areas health care organizations must focus on to protect sensitive, regulated data.
Budgetary commitments for cybersecurity are starting to move up, with 13% of small businesses indicating they now have security budgets in the 4–6% range, and 3% more respondents in 2014 incorporating security into funded phases of the product development life cycle.
While some gains have been made, risks still abound. In this year's survey, 51% rank negligent insiders as the chief threat, while 37% of respondents rank training and awareness as ineffective countermeasures.
Meanwhile, 41% are not satisfied with their current data breach solutions. "My suspicion is that the same reasons the industry remains vulnerable to fraud, waste and abuse may very well be the reasons why the industry has also become attractive to the cybercriminals," Filkins notes.