HIT data leaks: It's time to fix the plumbing

As everyone knows, hackers are always on the hunt for credit card data, personal information such as Social Security numbers and any financial details to steal money, grab someone's identity and sell the info to the highest bidder.

But have you ever wondered what your healthcare data represents to a hacker or how much it would go for on the black market?

Forrester analyst Chris Sherman says the price ranges from $20 for a single health record to more than $500 for a more complete patient dossier, according to a Wall Street Journal report.

Now just consider how many health records most of us have and will create in our lifetimes. Also consider, as hackers come up with more sophisticated ways to use data for nefarious purposes, how that price point will climb and how much more attractive healthcare data will become.

Yet, as FierceMobileHealthcare (and FierceHealthIT) has reported, security isn't always a priority in healthcare, and the industry itself is lagging behind other segments in making it a priority. A recent IDG Connect survey reveals that the healthcare industry worldwide is not keeping pace with necessary mobile device security, especially regarding unsanctioned device use.

"When ranked according to impact on a global basis, the healthcare sector was particularly affected by data leakage monitoring issues compared to other industries," the report states, which cites healthcare as the most immature industry in terms of personal mobile device security, endpoint compliance discovery and remediation.

What's more, consider this fact: 89 percent of U.S. healthcare workers are using personal smartphones for work, according to a Cisco partner network study published in 2013. Forrester's latest report indicates that just 59 percent of healthcare workers are encrypting mobile devices.

That figure, as Sherman told WSJ, should be much higher.

"This shows that healthcare has a way to go before they can say that they have data protection," he said.

None of this is welcome or happy news. But a sliver of a silver lining remains--there is time to reverse the tide and help the healthcare sector avoid data breach nightmares that other industries, such as retail, have been experiencing for years.

But it has to start fast and at every endpoint. Healthcare workers using personal devices at work, who may be collecting or sharing patient data, must ensure there is appropriate security in place, such as encryption tools. Hospitals and medical facilities distributing such mHealth tools to workers need to take the same approach and make data security the top priority. Even consumers and patients can play a role in demanding proof that their data is being stored and shared in a protected manner.

The WSJ report, citing Forrester, notes that in the past nine years 39 percent of healthcare security incidents have involved a lost or stolen mobile device, and that those incidents account for 78 percent of all reported breached records in the healthcare sector.

"Endpoint data security must be a top priority in order to close this faucet of sensitive data," Sherman told WSJ.

It's time everyone jumped on the wrench to stop the leaking. - Judy (@JudyMottl and @FierceHealthIT)