• About Us
  • Events
  • Newsletter Sign Up
  • Spotlight Series
  • Webinars
  • WhitePapers
  • Videos
  • Podcasts
    1. Cybersecurity

    Report: Household Members Account for Most Unauthorized Access To Patient Records

    April 12, 2019

    Nearly three-fourths (74 percent) of unauthorized insider access to patient records was users’ household members, according to CynergisTek’s 2019 report on privacy and cybersecurity findings.

    The Austin, Tex.-based CynergisTek’s 2019 report aggregated ratings from privacy and security assessments performed in 2018 at nearly 600 healthcare provider organizations and business associates across the nation to reveal an average 47 percent conformance with NIST CSF controls and an average 72 percent conformance with the HIPAA Security Rule. The report also examined the leading risks posed by third-party vendors. New areas of research in the report also took a deeper look into the Five Core Functions of the NIST framework—identify, protect, detect, respond, and recover.

    Additional findings and insight include:

    • 74 percent of unauthorized insider access to patient records was users’ household members and the second most common was accessing high profile (VIP/confidential) patient data.
    • Over 60 percent of privacy assessments found gaps in maintaining written policies and procedures to guide workforce members in managing all or some of these uses and/or disclosures of PHI.
    • The most common gaps among third-party vendors included risk assessment, access management, and governance.
    • The average rating for the “respond and recover” function was 2.5 (on a scale of 0 to 5), indicating the healthcare industry is still not as prepared to respond to a cyber incident as they should be.

    According to company officials, “CynergisTek’s 2019 report demonstrates that compliance and security are not one-in-the same. After being in effect for 14 years, the industry is still only achieving 72 percent compliance on the HIPAA Security Rule, a C-level grade at best. From a technical security perspective, this rule is no longer as relevant, since being compliant with an older, out of date rule is not about security, it is about checking boxes, and that is not a measure of risk posture or actual security. The report results highlight the growing need for healthcare organizations to make serious investments in cybersecurity readiness, as cybersecurity has become one of the top business risks facing healthcare today.”

    Continue Reading

    Sponsored Recommendations

    10 Reasons to Run Epic on Pure

    Gain efficiency & add productivity to your Epic data center. Download now to learn more!

    Payer Platform Services and Support

    Let’s leverage Payer Platform for smooth, seamless operations.When tasks are important and need to be done right, you trust the experts. The same is true for your...

    Pure Powers Progressive Payers

    Increase your business agility with Pure’s digital payer platform.Legacy storage solutions cannot keep up with the ever-expanding initiatives in the payer market. To deploy...

    Executive Handbook: Ten Transformative Trends 2024

    The editors of Healthcare Innovation have published their annual Ten Transformative Trends ensemble of articles