Most small healthcare facilities unprepared for data breach


While healthcare breaches are on the rise, most small facilities are unprepared for a breach, according to a survey by identity protection and fraud detection specialist CSID.

It found that most small healthcare facilities feel that their systems adequately limit the risk of a data breach, despite one in three facilities spending less than 10 percent of their IT budget on protecting patient data.

The survey results found that only 16.7 percent are worried about losing patient data in the event of a data breach. However, most small healthcare facilities are unprepared for a breach to occur. Less than a third (28.6 percent) have a crisis plan in place in the event of a breach.

The survey also found that most healthcare facilities (81 percent) require strong passwords to access systems hosting sensitive information and control who has access to electronic health records, but only a third use multi-factor authentication and just one quarter vet and audit vendors that have access to patient data.

Half of employees who have access to electronic health records also have access to their personal email at work. This makes it easy for patient data to leave a facility without being tracked.

“With the rise of electronic medical records, one weak link can be devastating for the whole system. This survey shows that smaller healthcare facilities may not have adequate resources or know-how to protect patient data, potentially putting these entities and their patrons at risk,” said Joe Ross, president and co-founder of CSID.

“It is going to be increasingly important for all healthcare facilities to proactively protect against medical data theft by implementing stronger security protocols and having a breach plan in place. Our goal here is to help them do this.”

CSID, Joe Ross, US