While healthcare breaches are on the rise, most small facilities feel that their systems adequately limit the risk of a data breach despite one in three facilities spending less than 10 percent of their IT budget on protecting patient data.
Most notably, a new CSID survey revealed:
- Only 16.7 percent are worried about losing patient data in the event of a data breach, however, most small healthcare facilities are unprepared for a breach to occur. Less than a third (28.6 percent) have a crisis plan in place in the event of a breach.
- Most healthcare facilities (81 percent) require strong passwords to access systems hosting sensitive information and control who has access to electronic health records, but only a third use multi-factor authentication and just one quarter vet and audit vendors that have access to patient data.
- Half of employees who have access to electronic health records also have access to their personal email at work. This makes it easy for patient data to leave a facility without being tracked.
- The vast majority (85 percent) of small healthcare facilities feel that their systems limit the risk of a data breach, but one third spend 10 percent or less of their IT budget on protecting patient data.
“With the rise of electronic medical records, one weak link can be devastating for the whole system. This survey shows that smaller healthcare facilities may not have adequate resources or know-how to protect patient data, potentially putting these entities and their patrons at risk,” said Joe Ross, president of CSID.
“It is going to be increasingly important for all healthcare facilities to proactively protect against medical data theft by implementing stronger security protocols and having a breach plan in place. Our goal here is to help them do this,” added Ross.