The healthcare industry is no stranger to data breaches. In 2017, SSM Health, the University of Iowa Health Care (UIHC), and Arkansas Oral & Facial Surgery Center all suffered security incidents where bad actors possibly exposed patients’ medical data. No doubt there are also countless other healthcare organizations that have yet to detect an ongoing system compromise.
Notwithstanding these events, most healthcare IT professionals feel confident they can detect and remediate a breach. Ninety percent of participants in a 2016 Tripwire study believed it would take their employer’s vulnerability scanning systems just hours to generate an alert if an unauthorized device connected to the network. Yet 49 percent of respondents admitted they had no idea how long that process would take.
Healthcare IT professionals responded similarly with respect to configuration changes. Eighty-four percent thought they could detect such modifications to a network device within hours. At the same time, 54 percent didn’t know the average timing of detection.
IT personnel working in healthcare might very well be placing too much faith in their organization’s breach preparedness. By no means, however, are they the only ones to feel overconfident about their employer’s ability to detect a security incident. A survey conducted by the University of Phoenix reveals healthcare professionals are also overoptimistic.
Between August 15 and September 1, 2017, the University of Phoenix commissioned Harris Poll to survey 504 adults working in the United States either as registered nurses (RNs) or as administrative staff. When asked if they felt “very confident” in their organization’s ability to secure patient data against potential theft, 48 percent of RNs answered affirmatively. A slightly higher percentage of administrative staff (57 percent) expressed a similar sentiment.
That being said, they might not have reason to feel that way. Twenty-one percent
This is a Security Bloggers Network syndicated blog post authored by David Bisson. Read the original post at: The State of Security