Digital transformation threatens data security at US healthcare organisations

Criminals target sensitive data left unencrypted after digital transformation initiatives

Digital transformation is yielding huge benefits to healthcare organisations and the treatment of patients, by making it easier for critical patient information to be shared among medical partners who play a key role in patient care. As part of these initiatives, sensitive patient data is being placed in the cloud by eighty percent of healthcare providers, according to a new report commissioned jointly by Thales and IDC.

“Data security is increasingly complex, particularly for healthcare organizations immersed in cloud and digital transformation initiatives. The focus should be to encrypt everything in the cloud and keep control of the data by centrally managing the keys to the encrypted data.” said Tina Stewart, vice president market strategy for cloud protection and licensing activity at Thales.

US federal regulations impose significant penalties on healthcare organisations that fail to comply with data security requirements. Yet 25% of respondents to the study from Thales failed data security compliance audits in the past year, while up to 38% are leaving data unencrypted.

Part of the data security challenge arises from the use of multi-cloud environments, which add to the level of complexity. There is also under-investment in IT security: spending is tapering off, leaving limited resources for safeguarding new environments in addition to legacy systems.

The vast and growing datasets of personally identifiable information pose a particular risk for healthcare providers. And when healthcare data is stolen, it is difficult to mitigate against the potential damage.  

Frank Dickson, program vice president for security products research, IDC said: “private patient data circulates endlessly which opens opportunities for various types of fraud to occur again and again from a single breach.”