Dark Reading is part of the Informa Tech Division of Informa PLC



10/20/2009
02:12 PM

E-Health Records Put Patient Privacy At Risk

Healthcare IT managers say their organizations aren't adequately protecting electronic health records, survey says.

Healthcare providers aren't adequately protecting patient privacy in implementing e-health records, according to a recent survey of healthcare IT managers. Some 80% of healthcare organizations have experienced at least one incident of lost or stolen health information in the past year.

The study from security management company LogLogic and the Ponemon Institute, which conducts privacy and information management research, found that patient privacy is at risk in the nationwide push to implement e-health records.

"The majority of IT practitioners in our study don't believe that their organizations have adequate resources to protect patients' sensitive or confidential information," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, in a statement about this month's study, released Tuesday. "The lack of resources and support from senior management is putting electronic health information at risk."

Some 70% of IT managers surveyed said that senior management does not view privacy and data security as a priority. Some 53% said their organizations do not take appropriate steps to protect the privacy rights of patients, while fewer than half judged their existing security measures as "effective or very effective." And the average cost of a data breach exceeded $210 per compromised record, creating an opportunity for computer crime rings to traffic in stolen medical records.

More than two-thirds of healthcare organizations have digitized at least a quarter of their patient records, and a third had digitized more than half, according to the study.

LogLogic sponsored the study, independently conducted by the Ponemon Institute, which surveyed 542 senior IT practitioners from healthcare organizations with an average of more than 1,000 employees. LogLogic posted highlights of the study on its Web site.

LogLogic also did another independent survey of information security professionals at seven large hospitals and medical groups. In that survey, security pros said new HIPAA rules, while not perfect, are a good start in improving the protection of electronic patient records. The head of security of one major hospital group told LogLogic, "In the final rules for HIPAA, if you have a breach you are by definition not compliant -- none of the wishy-washiness of the original rules. This merges HIPAA privacy and security for the first time."

InformationWeek has published an in-depth report on e-health and the federal stimulus package. Download the report here (registration required).
