Contact Us

Big data security and privacy concerns in healthcare

Author: Satta Sarmah Hightower

Data has become a key strategic asset for companies in almost every industry. But for healthcare organizations, the stakes of maximizing the use of data are even higher.

Big data—the huge amounts of structured and unstructured information that organizations collect, store and analyze to generate insights that enable them to compete more effectively —can be an invaluable tool for healthcare organizations seeking to improve patient outcomes and deliver quality care at a lower cost.

But for all the power big data wields, it also comes with significant risks. A range of big data security and privacy issues in healthcare must be addressed for organizations to improve care delivery without compromising sensitive data. As healthcare organizations collect an ever-growing volume of information, it will be critical for them to develop and maintain robust security protocols to safeguard data security and privacy.

The rise of big data in healthcare

As technologies like the cloud and artificial intelligence (AI) have been adopted more widely, it's become easier to collect, quantify, measure and analyze people's interactions with organizations across several touchpoints. Every time a person visits a doctor, downloads and uses a healthcare app, or interacts with the healthcare system, they generate quantitative and qualitative data healthcare organizations can use to improve their delivery of care.

With the cloud, AI and other emerging technologies, healthcare organizations are now able to make better sense of all the structured and unstructured data they collect, including patient medical records, population health data and personally identifiable information, such as addresses, names and dates of birth. In addition, new digital health companies use sensor-based technologies to collect data for things like medication adherence, physical activity levels and even biometric data like DNA.

All this information can drive better decision-making in healthcare, especially when it comes to treatment decisions, the most effective medical interventions for certain diseases and which programs can increase patients' engagement in their care. Even with all these benefits, however, healthcare organizations must be mindful of data security and install the proper governance processes to protect healthcare data.

Understanding healthcare data security risks

Healthcare is one of the most highly regulated industries in the United States, so ineffective data security comes with significant regulatory and reputational risks for healthcare organizations, particularly in terms of Health Insurance Portability and Accountability Act (HIPAA) compliance and other federal and state laws that govern protected health information.

Cyber criminals are working hard every day to access this data and sell it on the dark web or repurpose it to access other systems that are their intended target. Last year, data breaches allowed hackers to access 41.4 million patient records. In 2020, the trend has continued. A Florida orthopedic care center, a Medicaid organization in Oregon and a physicians' group in Indiana are among the many healthcare organizations that have experienced data breaches. A ransomware attack, laptop theft and improper disposal of sensitive data led to these security incidents, respectively.

Healthcare organizations also face security threats such as malware, denial-of-service (DDoS) attacks and phishing schemes. To deal with big data security and privacy issues in healthcare and improve security, organizations can take several measures.

Taking steps to safeguard healthcare data

Healthcare organizations can consider implementing the following security measures to better protect healthcare data:

  • Identity authentication: Implementing role-based access control and multi-factor authentication can help healthcare organizations ensure that only the right people can access data in electronic health records and IT systems. With improved identity and access management, organizations can reduce the risks presented by password breaches, device theft or even employees' poor cyber behavior.
  • Endpoint compliance and management: With more people working remotely, more devices are connected to networks, making endpoint security even more critical. Healthcare organizations should consider adopting endpoint protection and mobile endpoint security solutions that give them end-to-end visibility into the apps and devices connected to their networks.
  • Mobile device management: Mobile device policies and mobile device management solutions can improve data security and governance by giving healthcare organizations access to advanced threat detection and monitoring capabilities. The key to improved healthcare data security is to prevent attacks before they happen, and using these mechanisms can help organizations defend their healthcare data.
  • Vendor management: Some security incidents occur not because a healthcare organization has poor cyber security but because its vendor does. It's critical that healthcare organizations only work with security-focused vendors that embrace standard security frameworks (such as the National Institute of Standards and Technology framework), conduct regular vulnerability testing, are responsive and proactive in the event that a breach occurs, and offer secure technologies.
  • Intelligent load-balancing technology: Healthcare organizations also need to ensure that their systems have the computing resources necessary to handle their workloads and the volume of data they collect. Intelligent load-balancing technologies can help healthcare organizations intelligently redistribute workloads across their networks using on-premises and cloud servers, maximizing availability and reliability while also combating threats like DDoS attacks.

Addressing big data security and privacy

Healthcare organizations have a noble mission to deliver the best care possible. Data has become a key tool in achieving this goal, but as hospitals, health systems and other clinical organizations collect more information across disparate systems, they must find a way to manage data sprawl and safeguard data security and privacy.

Identity authentication, mobile and endpoint protection solutions, and intelligent load-balancing technologies can help healthcare organizations strengthen data security and ensure that the information patients share with providers is always protected and used for the greater good.

Explore Verizon's Data Breach Investigations Report and learn more about the cyber threats to healthcare organizations