Relatively few healthcare IT leaders think patient data is at risk, according to a sizeable slice of respondents to a new Ponemon Institute global survey of IT and IT security professionals. Of the 142 respondents in the healthcare and pharmaceutical industries (1,587 respondents participated overall, in six industry sectors), only 9% said patient information was in peril, while 59% said loss of customer data was their biggest worry.
“What I interpret this to say is that patient data is already receiving tight security,” said Julie Lockner, vice president of business development and product marketing for Informatica, the data integration company that sponsored the survey.
What healthcare respondents fretted about most was how to protect sensitive data as it migrates to mobile platforms, the survey showed. In fact, healthcare topped all the industry sectors in this concern. And of the sectors, healthcare showed up as number two in not knowing where sensitive data is in their networks and databases, and how to locate it, Lockner said.
As for data breaches, 23% of healthcare respondents said they only had one such incident in the past year; 18% reported two to five breaches; 3% said they had more than five; and 56% said they had experienced none.
The other sectors surveyed were financial services; industrial-manufacturing; retail; high-tech; and energy.
In one somewhat reassuring finding, a plurality, 43%, said they knew where most of where their organization’s unstructured sensitive data — or files and emails not in databases — is. More worrisome, 38% said they didn’t know where some was, and only 8% said they knew all the data’s location.
“This shows that healthcare is more confident than most, but still pretty low,” Lockner said.
As far as structured data goes, 14% said they were confident they knew where it all was, and 24% said they didn’t know where some was, with other percentages somewhere in between.
Lockner’s advice for healthcare CIOs is they should look more often to their data architects for guidance on security. Data architects typically understand data structures and where data is flowing, but they don’t usually have responsibility for data security.
“They need to have more of an active role,” she said.
When asked if they could have avoided data breaches if they had more skilled data security practitioners, 57% of the healthcare respondents said yes, Lockner said.