By David Pignolet

The digitization of healthcare has been a powerful tool in creating better, faster, and more complete care for patients. Today’s technology enables patients and providers to more easily view and share health records, eliminate duplicate tests, improve the overall care experience, and reduce time spent on administrative duties. However, as advantageous as digitization has been for patients and healthcare professionals, it also creates a greater risk of data and access-related breaches.

This is a particularly daunting challenge for the healthcare industry. Healthcare organizations, including hospitals, utilize a large and diverse number of third parties, from students to doctors and even IoT devices to support their goal of creating a market-leading patient experience routed in satisfaction, safety, and privacy. The number and variety of third parties utilized by healthcare organizations can be limitless and unfortunately, third parties are very risky. According to a Ponemon Institute study, more than half of all data breaches can be traced to third parties and only 16% of organizations say they are equipped to effectively mitigate third-party risks.

In many cases, healthcare organizations don’t have systems in place to centrally track and manage their relationships with this burgeoning number of third parties and the access to facilities, systems, and data they require. This gap can lead to providing access that is superfluous to a user’s needs and not terminating access in a timely manner. Both of which can unwittingly expose sensitive health information and also create additional access points for hackers. Risk mitigation has never been more vital, as the number of data breaches are on the rise – due in no small part to overprovisioned access. In 2018 alone, there were more than 350 data breaches that resulted in more than 5 million healthcare records being exposed, twice as many healthcare records that were exposed in 2017.

To best reduce the risk of healthcare data breaches, follow these three key steps:

1. Quantify your organization’s risk exposure
While the operational challenges are clear and often recognized, a potentially more impactful issue is unmeasured risk exposure. According to a Ponemon Institute supply chain study, most organizations do not know their exact number of third-party users, as only a third of organizations have a record of all third parties with access to sensitive information. Healthcare organizations are admittedly one of most regulated industries in the world, so understanding and mitigating risk exposure are essential capabilities. With the proliferation of security breaches, the regulation of data security and privacy must continue to evolve to match the risks.

More Voices