When hospitals transfer data in an unencrypted fashion, it leaves that information vulnerable to be breached through various means. Additionally, unencrypted data can be tampered with during transit. Unfortunately, nearly a third of acute providers and less than half of non-acute providers encrypt sensitive data during transit, according to a survey from HIMSS.
"Similarly, only 61.3 percent of acute providers are encrypting data at rest and 48.4 percent of non-acute providers are encrypting data at rest," the report reads. "This, as well, leaves the door wide open to potential tampering and corruption of the data, in addition to a large potential for a breach. If a computer, laptop, thumb drive or backup were to be stolen, any person would be able to access such information."
What's more, just 57.1 percent of acute care providers and 41.9 percent of non-acute care providers currently attest to using intrusion detection systems. These systems alert staff in the event of a breach or attack. Lacking an intrusion detection system can lengthen the window that hackers or cybercriminals have to comb through a hospital system and steal information.
The survey shows that other risk-mitigation systems, such as keeping logs of who accesses patient data and for how long, and other network monitoring tools, aren't used by even a third of hospital respondents.