Commenting on an infographic from Backgroundcheck.org – the contractor/employee verification and vetting service – which shows that 94% of healthcare organisations were breached in the last two years – Varonis Systems says this highlights the fact that data has become the ``new oil’.
David Gibson, vice president of the data governance specialist, says that healthcare data – particularly in the US – has become highly prized data, though not for the reasons you might think.
“Data attacks are increasing being carried out to gain access to information, which can then be used – and re-used again and again – sometimes even for marketing purposes. The irony of this situation is that, although the initial breach is carried out by people operating on the wrong side of the law, once the data is passed along – usually generating money in the process – the recipients are usually unaware of its origins,” he said.
“Obviously, if someone presents you with an intimate database on several tens of thousands of people, you would be suspicious as to its origin, but if the data is only partially revealed, then it will be classed as normal – and permission-based – marketing information,” he added.
The owner of the healthcare data – and, of course, the patient themselves – would strongly think otherwise, the Varonis vice president went on to say, but the reality is that information can be partially and wholly replicated many times over, without the original owner being any the wiser.
Gibson says that, in Varonis’ research released earlier this month, researchers found that almost three quarters of employees are now allowed to access company data from their personal devices.
“Our research revealed that 57% of employees believe that using a personal device for work could pose a security risk to them personally through potential leakage and misuse of confidential health - plus personal - information, yet 86% of them use their devices for work all day and night,” he said.
“And with 44% working their way though meal breaks with their handsets, it’s hardly any surprise that our colleagues at Backgroundcheck.org have revealed the high incidence of data breaches in the healthcare sector. What healthcare organisations – and all companies – really need is to have a 360-degree 24/7 view of all of their data. By making sure that only the right users have access to the right information from the right devices, use is monitored, and abuse is flagged they can quickly spot when anything untoward starts happening, and lock down their information accordingly,” he added.