News Feature | February 10, 2014

8 Of 10 Healthcare Organizations Not Prepared For Disaster Recovery Incident

Rebecca McCurry

By Rebecca McCurry

HTO Hospital

Many health organizations not fully prepared to handle power outages or security breaches

MeriTalk's "Rx: ITaaS + Trust" study examines how much security breaches, unplanned power outages, and data losses end up costing providers more than $1.6 billion every year. According to the study, "19 percent of respondents from global healthcare organizations have experienced a security breach in the last 12 months, which ended up costing them $810,189 per incident."

Many of these breaches were caused by malware and viruses, physical security breaches, outsider attacks, and user error. The study further explains "28 percent of respondents have experienced data loss in the last 12 months." This ended up costing them $807,571 per incident. Unplanned power outages are often experienced by providers, which can end up costing up to $432,000 per incident.

MeriTalk, acknowledging the odds of a breach or outage are relatively high, notes most organizations aren’t prepared. “Providers acknowledge there is more work to be done. Less than one in three respondents (27 percent) believes their organization is fully prepared to ensure continuous availability of ePHI during unplanned outages, disaster recovery, or emergency mode operations.

“And, once an emergency has passed, only 50 percent of respondents are confident in their organization’s ability to restore 100 percent of the data required by SLAs. More than half (56 percent) would need eight hours or more to restore 100 percent of the data. The majority - 82 percent - say their technology infrastructure is not fully prepared for a disaster recovery incident.”

A representative from EMC, Roberta Katz, recently told CruxialCIO "Many healthcare organizations are in the process of building services delivery capabilities within their organizations. As healthcare organizations start looking at their infrastructure for transforming IT, they're realizing they have gaps or areas of improvement for protecting and securing protected health information." To begin preparation for handing security breaches, outages, and data loss, organizations are encouraged to take a layered approach to protect their data. This includes authentication, audit tools, log management, and HIPPA security risk analysis.

In the article by Health IT Outcomes "Securing Mobile Healthcare Applications In A World Of BYOD," it is explained that providers should "never store ePHI on the mobile device itself; instead keep data in HIPAA-compliant data centers and servers, and use a secure virtual private network (VPN) to access the data remotely with devices." Mobile health applications provide an array of benefits, including creating a smoother workflow with increased productivity; however, providers should enlist a "HIPPA-compliant hosting provider to reduce the risk of a costly data breach."

Want to publish your opinion?

Contact us to become part of our Editorial Community.