Why your health data isn’t as secure as it should be


Your health status is perhaps the most intimate information anyone could know about you, so it should be your decision whether you share or keep your medical records private.

Unfortunately, hospitals, doctors’ offices and insurance companies frequently expose our health data through accidental loss, device theftemployee negligence, and data breaches perpetrated by hackers.

Even as the amount of health data rapidly increases, and data security laws become more punitive, medical ID theft continues to rise.

So what are healthcare providers doing about this worrying trend?

If you live in the UK, at least, the answer is not enough.

A survey of 250 CIOs, CTOs and IT managers employed by the UK National Health Service (NHS) has revealed a disconnect between how strong they think their IT security is and the level of data security that is actually in place.

Three-quarters (76%) of respondents to the NHS survey, conducted by Vanson Bourne on behalf of Sophos, think that they have adequate protection against cybercrime and data loss.

But their data security practices leave worrisome gaps.

Although encryption of laptops and USB drives is mandated by law, and 84% of respondents believe encryption is becoming a necessity, encryption is not broadly used:

  • Only 10% say that encryption is “well established” within their organization.
  • Only 59% encrypt email.
  • Only 49% encrypt files shared on the network.
  • Only 34% encrypt data stored in the cloud.

The survey also highlights how NHS organizations are facing significant IT security challenges such as the increased mobility of service delivery, as providers use a wide variety of devices to access records and other patient data on the move.

Data loss is the biggest IT security concern for 72% of NHS organizations, and 48% cite mobile and remote working as one of the main challenges facing their IT departments.

And while 54% say there is heightened awareness of data security due to high-profile breaches and upcoming EU data protection legislation, these growing concerns come at a time of tightening budgets, with survey respondents expecting their IT budgets to be cut by an average of 6%.

According to the UK Information Commissioner’s Office (ICO), the NHS was hit by more data breaches in 2015 than any other sector in the UK, representing almost half of all incidents tracked by the ICO.

(To be fair, the NHS is the world’s biggest health service, and has the fifth biggest workforce on the planet, behind only the US Department of Defense, the Chinese PLA, McDonalds and Walmart.)

Visit sophos.com to read more about the NHS survey.

Image of doctor with tablet courtesy of Shutterstock.com.