According to the Identity Theft Resource Center, the healthcare industry experienced more data breaches in 2013 than it ever had before, accounting for 44% of all breaches, and surpassing all other industries, including the business sector.
Criminal attacks on healthcare systems have risen 100% over the past four years, also, according to a recent benchmark study on patient privacy and data security conducted by the Ponemon Institute. The same study revealed that 90% of respondents had experienced a data breach in the previous two years and 38% had had more than five incidents! Topping the list of breaches was the usual suspect: a lost or stolen computing device.
Naturally, I was curious to find out what the study had to say about the cloud and its role in data theft and security breaches. Surprisingly, 52% of those surveyed admitted that they’re storing patient medical records in public cloud data centers. Even more baffling was this: One of the questions asked of participants was, “How confident are you that information in a public cloud environment is secure?” Only 12% responded “very confident” and another 46% admitted to being “not confident.”
The only thing I can make of these seemingly contradictory findings is that healthcare organizations believe they must adopt cloud services to fulfill HIPAA HITECH requirements, but a large percentage of them seem to believe that public cloud services are their only option.
I wonder what would happen if more IT service providers could educate healthcare IT decision makers about the vast differences in security and other features that are available with private and hybrid cloud offerings? I think they’d have a better chance of experiencing the level of success that Pact-One, a 55-employee managed services provider focused on the dental industry, is enjoying.
Last year, Dan Edwards, CEO of Pact-One, shared with me that the acceptance of cloud’s use in business owes a lot to the prevalence of consumer-based cloud services ranging from Internet banking to Dropbox. Edwards finds that this openness to cloud services sometimes leads to objections when Pact-One pitches one of its business-cloud offerings, such as cloud backup and recovery.
“Some customers mistakenly think that what we’re trying to sell them is just a more expensive version of Dropbox,” he says. “This usually leads to a discussion about how our offering uses encryption to protect their data and how we’re able to provide them with a quick recovery time in the event their local backup and server would ever fail — two claims consumer-based [i.e. public] cloud offerings lack.”