25% Of Healthcare Organizations Don't Encrypt Patient Data In The Cloud

By Christine Kern, contributing writer

Cloud encryption alone is not enough; it must be paired with tougher regulation.

There is a new wrinkle when it comes to healthcare and patient data in the cloud: a HyTrust study found 25 percent of healthcare organizations are not encrypting patient data, meaning unauthorized people have access to health records and all data stored with it. This includes names, birthdates, and social security numbers.

“To have a strong IT security chain you need to look at where data resides,” Ebba Blitz, CEO of Alertsec writes in an email. “It is in the cloud and on the device or traveling back and forth between the two. You need to protect the entire chain. Not encrypting your endpoint is like locking your door but leaving the keys on the front step. Anything that you have worked on in the cloud or on your device needs to be encrypted or you are exposing your patients to risk.”

Losing your unencrypted laptop or other device puts your personal information at risk, as well as your user names and passwords to all of your financial, insurance, and business information. The risks are so significant there is currently a growing trend where American’s support tougher cyber security regulation.

An Alertsec study examined New York’s new cyber security regulations which are the strictest in the country. It found people approve of tougher regulation and enforcement to keep their data safe. In fact, 23 percent expect more states will adopt tougher cybersecurity protocols, 12 percent believe the new regulation will prompt the Federal Government to adopt tougher cybersecurity measures, and 13 percent fear the new regulation is useless without mandatory encryption.