I just read an article from eWeek that focused on how common data breaches are in the healthcare industry. OK, I said to myself, but then, given my inquisitive nature at times, I typed “healthcare data breaches” into one of the leading search engines and voila! I saw The Washington Post reporting on how 2015 is the year of healthcare breaches. The article reported that data of over 120 million people has been compromised in more than 1,100 separate breaches at organizations handling protected health data since 2009. Scary indeed, but what I found extremely shocking was the next search result, in which InformationWeek reported that healthcare data breaches would surge in 2014.
The article in eWeek talks about how IT spend in healthcare is changing and how meeting compliance requirements is now a second priority to defending against data breaches. Is it really changing? Because in January DJO Global reported a breach, in February the Boston Baskin Cancer Foundation reported a breach, and Valley Community Healthcare reported a breach just last month in March. Different tree, same wood!
A trend in healthcare and consistent breach instances like these are akin to my kids saying they don’t want to do something because it’s hard. I’m certainly not passing any judgement on the healthcare industry and its security practices; they are what they are. The context is more about the pre-assumed concept that encryption is hard, complicated, cumbersome and other such nonsense. It’s not.
With the onset of technologies like AES-NI, SEDs and the general improvements in OS performance and processor speeds, encryption is nowhere near as ‘cumbersome’ as it was 5 years ago. Of course, there are a lot of ‘numbers involved with it,’ mostly to do with encryption strings, keys, key files and other millisecond transactions that encryption solutions do to secure data – all of which are completely transparent to the user. A proper key management solution makes it easier than ever for the IT guys to manage it all.
Organizations really need to start looking at data encryption and key management solutions as insurance. You wouldn’t drive a car without insurance because (besides the fact that it’s illegal) if you get into an accident, the costs to address the damage, personal injury, etc. would be astronomical. The same can be said for the privacy of data. Data encryption solutions are a form of insurance: in the event a device is lost or stolen, they limit risk and exposure both legally and financially.