Business View - May 2015 15
breaches. Unfortunately, compliance standards evolve
slowly, often with years between revisions. Threats to
data however, change quickly as new vulnerabilities
are found and new attacks are developed. The result
is that meeting compliance requirements is no longer
enough to protect sensitive data.
With the combination of healthcare data becoming
a very attractive target, and a high regard for compli-
ance as an effective defense, it isn’t surprising that
26 percent of healthcare respondents reported that
their organization had previously experienced a data
breach. The fact that 48 percent reported that in the
last year their organization had failed a compliance
audit or encountered a data breach is also troubling,
indicating possible problems with meeting even base-
level compliance.
However priorities appear to be changing, with re-
spondents reporting that compliance is their second
priority for IT security spending at 39 percent, behind
preventing a data breach at 53 percent. The impor-
tance of data breach prevention increased 2.5x from
21 percent just two years ago, a substantial change in
attitudes (when compared against results reported for
all respondents in the 2013 Vormetric Insider Threat
Report).
“Healthcare data has become one of the most desir-
able commodities for sale on black market sites, yet
U.S. healthcare organizations are failing to secure that
data,” said Alan Kessler, CEO of Vormetric. “An over-
reliance on compliance requirements and a cursory
nod to data protection point to systemic failures that
are putting patient data at risk. What’s needed is for
healthcare organization to realize that compliance is
not enough, and to implement the controls and poli-
cies required to put the security of their data first.”