Importance of an Information Security Strategy

In a health care-related business, protection of the customer's data is paramount. Although the threat to digital assets has grown over the past five years, many companies don't understand how at risk they are or have no strategy in place.

In a health care-related business, protection of the customer’s data is paramount. Although the threat to digital assets has grown over the past five years, many companies don’t understand how at risk they are or have no strategy in place, according to an Accenture study in collaboration with the Ponemon Institute.

Although Accenture surveyed mid- and large-sized companies in “Traditional Approaches to Information Security are No Longer Sufficient,” small medical practices are at great risk as well. In fact, Kroll’s Cyber Security and Information Assurance reported that “small practice are more susceptible to security vulnerabilities," according to Amednews.com.

According to Accenture, a minority of companies — 12% — are doing a good job protecting their digital assets. These large- and mid-sized companies reported that the reason their security is probably lacking is because they don’t have the budget, according to 44%. This is of even more concern for small medical practices.

Companies that follow industry-leading practices — such as align security and business strategies, formally assess security and create an effective strategy that is updated regularly — have a lower incident of serious attacks and breaches.

In a medical practice, external attacks aren’t the only security concern. Breaches in security from systems failure or from employees are more likely, according to Accenture.

Employees could accidently compromise sensitive data by leaving a laptop unsecured in a public place, downloading infected files or sharing information with unauthorized parties. A breach of security for a medical practice could be disastrous given the sensitive nature of the information.

Typically a quarter of businesses have no security strategy, and those who don’t formally evaluate it. Thirty-five percent don’t measure the effectiveness of their security strategy, while 39% only informally measure it.

Last year there were three significant data breaches at health care organizations, which put 11 million patient records at risk, according to Amednews.com. And a breach can be very costly when it comes to notifying the patients and loss of income.

So the best defense is a good offense. By putting a strategy in place and regularly evaluating and updating it, medical practices can protect themselves and their patients from intentional or accidental security breaches.