A closer look at access management in health care
August 27, 2014

Although the retail sector has been victimized by countless breaches in the past year, many experts have asserted that the health care industry is the most at risk of information exposure and compromised records. Medical organizations are among the most aggressive in their pursuit of technology deployments and implementation, with telehealth, mobility, electronic medical records and Internet-connected devices all impacting these firms almost simultaneously. 

Analysts have not exactly pulled ominous predictions out of a black hat, but have rather come to these conclusions due to a breadth of breaches that have taken place in this industry in the past few years. From errant emails containing unencrypted patient data to lost or stolen devices and much more, health care firms are far from the leaders board when it comes to information governance and system defense. 

Now, as more experts begin to warn about the risks that are taking place in the medical sector, others are starting to explain some of the ways in which decision-makers therein can go about improving their performances. In many ways, leveraging next-generation dynamic authentication solutions can quickly reduce risk while driving the fluidity of operations, as these tools tend to be a bit quicker and more intuitive for users. 

The rising threat of breach
Earlier this year, the U.S. Department of Health and Human Services released a report regarding the frequency of and subsequent damages incurred by major data breaches in the medical sector. The study is conducted and published annually for submission to the Senate Committees on Finance and Health, Education, Labor and Pensions, as well as the House Committees on Ways and Means and Energy and Commerce.  

The Health Information Technology for Economic and Clinical Health Act dictates that the report be put forth and reviewed by elected officials in Washington to keep track of risk management in this highly sensitive industry. Suffice it to say that the report was not all that promising, as a higher rate of theft-related breaches took place in 2012 than each of the two preceding years. 

According to HHS, the theft remained the most common issue for the fourth consecutive year, accounting for 53 percent of all breaches, while unauthorized access or disclosure comprised 18 percent of the events. Not surprisingly, health care providers were the biggest offenders, with 63 percent of the total number of breaches, while business associates such as third-party service providers took up another 27 percent. 

Despite only comprising a little more than a quarter of all breaches, events originating with business associates caused nearly two-thirds of the total number of victims studied, meaning their losses were far larger on a case-by-case basis. 

Finally, laptop computers accounted for the second-largest rate of breaches with 20 percent, while desktop computers and portable electronic were not far behind with 15 percent and 13 percent, respectively. Paper was still the largest cause. 

Common-sense defense
Lost or stolen devices remain as some of the biggest threats to corporate security as evidenced by this report above, and health care organizations must begin to find ways to proactively mitigate these risks. In many instances, employee error that leads to the loss or theft of equipment containing patient health information can be avoided when using a more common-sense approach to defense. 

One such option is to leverage dynamic authentication tools that will protect networks, devices, identities and more from the threat of breach and exposure. At the end of the day, investing in these tools can have a largely positive impact on productivity, efficiency and security, while the cost of the technology will almost always be lower the damages incurred by a breach.