In the 2015 Anthem data breach, the compromise of an adminstrator’s credentials was the initial entry point that caused the breach and exposure of 13.5 million patient records. High-profile, high-impact breaches like this are spurring healthcare enterprises to institute more cybersecurity defenses and to monitor the insider threat.
According to the 2015 Vormetric Insider Threat Report – Healthcare Edition, 48 percent of IT decision-makers in healthcare organizations surveyed report either encountering a data breach or failing a compliance audit in the last year (tying with U.S. retailers as the highest of any category Vormetric surveyed). Sixty-two percent of survey-takers identified privileged users as the most dangerous insider threat, followed by partners with internal access and contractor/service-provider employees.
IT decision-makers are not confident in their enterprises’ cybersecurity. Of those polled from healthcare enterprises, 92 percent reported being somewhat or more vulnerable, and 49 percent of those said they felt their organizations were very or extremely vulnerable. The global average is 34 percent considering their businesses very or extremely vulnerable.
The top four drivers for securing sensitive data for U.S. healthcare enterprises are:
- Compliance Requirements
- Implementing Best Practices
- Avoiding Data Breach Penalties
- Reputation and Brand Protection
In terms of spending, preventing a data breach is now the top driver for setting IT security spending priorities at 53 percent, 2.5-times the 2013 overall number. Fulfilling compliance requirements and passing audits has fallen on a spending priorities scale to 39 percent.
Want to learn more about cybersecurity and the insider threat? Keep an eye out for the August 2015 edition of Security magazine.