Healthcare organizations have a responsibility to keep health information from falling into the wrong hands. However, that data may be too easily accessible, according to a March 29 Varonis report.
The data security firm analyzed data risk assessments from 3 billion files at 58 companies to determine how data is exposed.
Six key study findings:
- The average healthcare organization had 31,000 sensitive files, including HIPAA-protected data and financial information, open to everyone.
- Twelve percent of sensitive files are available to every employee, and 19 percent of all healthcare files are open to every employee.
- Healthcare organizations average nearly 30,000 exposed folders containing healthcare files per terabyte.
- Of the analyzed companies, 77 percent had at least 500 accounts with passwords that never expire.
- It takes six to eight hours per healthcare data folder to manually remove open access. This means it would take years to mitigate security risks created by open access.
- The average life cycle of a healthcare data breach is 329 days, the highest of any industry.