Online health information at risk


Online methods of storing, accessing and transferring medical data are putting sensitive protected data at risk.

That is the key finding of the 2014 SANS Healthcare Cyber Security Survey.

Of the 224 qualified health care cybersecurity workers who completed this year’s survey, 42 percent are most concerned about the risks to personal health records, 36 percent with patient portals and 21 percent with consumer-facing mobile apps.

These concerns highlight a growing awareness of risk to patient data across platforms, said SANS analyst Barbara Filkins.

“There appear to have actually been small gains fostered by better awareness of the threats out there,” she said.

Compared to last year’s survey results, twice as many respondents (24 percent) in this year’s survey feel adequate in their ability to counter threats.  Most encouragingly, 70 percent rated application and database security controls as effective or very effective.

These are key areas healthcare organizations must focus on to protect sensitive, regulated data, said SANS.

Budgetary commitments for cybersecurity are starting to move up, with 13 percent of small businesses indicating they now have security budgets in the 4–6 percent range.  Compared to 2013, some 3 percent more respondents in 2014 incorporated security into funded phases of the product development life cycle.

While some gains have been made, risks still abound. In this year’s survey, 51 percent rank negligent insiders as the chief threat, while 37 percent of respondents rank training and awareness s as ineffective countermeasures. Meanwhile, 41 percent are not satisfied with their current data breach solutions.

“My suspicion is that the reasons the industry remains vulnerable to fraud, waste and abuse may very well be the same reasons why the industry has also become attractive to the cybercriminals,” Filkins said.

The full findings of the survey will be released in two webcasts, one on December 9 and the other on December 11, both at 1pm EDT. For more details, visit:

US, SANS, Barbara Filkins