« Disaster Recovery

Report: Healthcare industry lags behind in terms of data security

According to a recent report, 94 percent of medical facilities experienced a data breach in the last two years. A comprehensive disaster recovery plan can help organizations recover more quickly.
According to a recent report, 94 percent of medical facilities experienced a data breach in the last two years. A comprehensive disaster recovery plan can help organizations recover more quickly.

While the evolution of technology puts companies of all sizes, across all industries at risk for a data breach, a recent report by the Ponemon Institute and the Health Information Trust Alliance found that medical facilities are far behind others when it comes to data security.

With electronic medical records (EMRs) becoming more common, it's necessary for healthcare organizations to keep themselves HIPAA compliant, in order to keep patients' information secure but also to ensure they do not get charged with fines. Having a comprehensive disaster recovery plan will help keep all employees up-to-date on the latest security measures.

Ponemon surveyed 80 facilities and found that 94 percent experienced at least one data breach – that they were aware of – in the past two years. Additionally, 45 percent of those organizations said they experienced more than five incidents during that time. The report explained that breaches of that nature can cost upwards up to $6.78 billion annually.

"It's likely that many organizations had multiple data breaches, but didn't have the wherewithal to report or know about them," Larry Ponemon, chairman and founder of the Traverse City, Michigan-based privacy research firm, told the news source. "Sure, when there are big fines or reputation consequences to losing information, suddenly organizations have a new-found religion: but in general, we don't see that level of concern or cautiousness that exists in some other industries, like banking, for example."

Of those surveyed, 54 percent said that they had very little confidence – if any – in being able to detect a data breach.

In order to ensure that an organization's employees are fully educated on what needs to be done to prevent any security issues, a company can partner with a firm that specializes in disaster recovery consulting. These professionals will ensure that business resumption can happen quickly should a data breach occur within a medical facility.