Saturday, November 20, 2010

Patient Data Lost More than Once a Year at 60% of Healthcare Organizations - Ponemon Institute Study


Healthcare organizations reported an average of 2.4 data breaches over the past 2 years according to a new study by the Ponemon Institute.

The resulting financial losses, including fines, legal fees, and loss of revenue, are estimated at approximately $2 million per organization.

Protectors of Health Information are Under Resourced
Of those responsible for preventing and detecting data breaches, 71% do not believe they have "sufficient resources to prevent or quickly detect patient data loss or theft."

For example, 28% of the organizations have no staff dedicated to managing data protection and another 35% have fewer than 2 staff dedicated to that effort.

Moreover, well under half the organizations feel they have sufficient technical expertise (42%) or access to appropriate technologies (37%) to effectively prevent or quickly detect the loss of patient data.

"Most likely reasons for data breach is inadequate budget for security and privacy" according to 51% of healthcare organizations." - Ponemon Institute, November 2010 (a)

Overcome the Challenge of Being Under Resourced
So how can healthcare organizations address user access to patient data despite being under resourced?

One approach is to use an on-demand identity and access intelligence service with a pay-per-use model since it is dramatically more cost effective than a traditional licensed software model that requires developing and maintaining specialized technology and technical expertise in-house.

Learn how Veriphyr Identity and Access Intelligence service effectively prevent or quickly detect patient data loss or theft.

Sources:
(a) "Benchmark Study on Patient Privacy and Data Security" by Ponemon Institute released November 9, 2010 (registration required to download report)

Monday, November 1, 2010

Insider Cyber Crime Discovered at 62% of Organizations According to Ponemon Institute Study

62% of organizations experienced cyber crime by malicious insiders according to a new study by the Ponemon Institute that studied a 4-week benchmark period.(a) In healthcare Ponemon has done further research and found criminals and malicious insiders are the root cause for 35% of all data breaches.(b)
$100,300 is the average annual cost of insider crime - Ponemon Institute, July 2010 (a)
Malicious insiders are the second most costly category of cyber crime and account for 19% of all cyber crime costs. Cyber crime is used here to refer to any criminal activity conducted via the Internet and includes viruses and worms, malicious insiders, web-based attacks, malicious code, phishing, botnet, and malware.

Details of the Cost of Insider Crime.
The internal costs of cyber crime are driven by the labor required by each stage of incident response.

As can be seen in the accompanying chart there is great potential for cost savings due to automation and use of pay-per-use services.

Reducing the Cost of Insider Crime
So how can an organizations improve security and reduce the cost of addressing cyber crime by insiders?

You can reduce the incidence of insider crime by detecting employees and contractors with excessive access rights that give them opportunity for financial fraud and data theft.

The same identity and access intelligence that detect excessive acess right can be use do reduce the cost of incident response. Especially the use of an on-demand service with a pay-per-use model since it is dramatically more cost effective than a traditional licensed software.

Learn how Veriphyr identity and access intelligence services effectively prevent or automaticaly detect data loss or theft by insiders.

Sources:
(a) "First Annual Cost of Cyber Crime Study - Benchmark Study of U.S. Companies" by Ponemon Institute released July 2010 (registration required to download report)
(b) "Benchmark Study on Patient Privacy and Data Security" by Ponemon Institute released November 9, 2010 (registration required to download report)

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.