Cygilant Blog

Protected Health Information Risk Not Limited to Healthcare Industry

Posted by Trevan Marden on Jan 8, 2016


You may be aware that criminal activity is now the leading cause of data breaches for healthcare, according to a recent study by the Ponemon Institute. But you may not realize that other industries are also susceptible to data breaches involving protected health information. In fact, the recent Verizon 2015 Protected Health Information Data Breach Report concludes that 90% of industries have experienced a breach of protected health information.


A couple of key takeaways from the report include: “The fact that an organization is not in the healthcare industry or isn’t a HIPAA-covered entity doesn’t mean that it’s not at risk of a PHI data breach,” and that “PHI loss is not strongly correlated with organization size.”


This means that nearly all organizations across industries and company sizes are at risk of a PHI data breach. The data at risk may include both employees and customers of an organization, and data such as personal addresses, phone numbers, medical insurance or social security numbers, among other records. Nearly all organizations handle some form of PHI that is subject to a potential breach.


And data breaches of healthcare information are more rampant than ever due increased criminal interest in the data, which now fetches up to $50 a record on underground markets. In fact, the report states that “PHI for half of the population of the United States has been impacted by breaches since 2009.”


So what’s an organization to do? Particularly if they may lack the time, budget, or staff to implement the large-scale security programs of larger organizations? For many organizations with these challenges, the answer may be managed security services, such as EiQ’s SOCVue services.


More and more, customers who were previously understaffed, underbudgeted, and overwhelmed are finding that EiQ’s hybrid SaaS security services that combine the best people, process, and technology are a welcome change from going it alone – and are available for a fraction of the cost of alternate solutions!


EiQ currently offers two services:

  • SOCVue Security Monitoring is a co-managed SIEM/log management service that includes proactive security controls automation and compliance reporting delivered via an affordable monthly subscription.
  • SOCVue Vulnerability Management helps reduce your attack surface by proactively scanning your IT assets for potential vulnerabilities, while saving time and reducing your operational costs. EiQ leverages the best-of-breed vulnerability scanning technologies to ensure that scans are comprehensive and that the vulnerability database is up-to-date with the latest zero-day threats. The scan results are integrated with the SOCVue Security Monitoring service so that vulnerabilities are correlated with other security event data.

 Would you like to learn more? Sign up for a SOCVue demo today.


Tags: Healthcare, Data Breach, HIPAA, InfoSec

Most Recent Posts

Subscribe to Email Updates