At a Glance: Data Loss Prevention in Healthcare

  • By Maddie Rosenthal
  • 30 June 2020

Data Loss Prevention (DLP) is a priority for organizations across all sectors, but especially for those in Healthcare. Why? To start, they process and hold incredible amounts of personal and medical data and they must comply with strict data privacy laws like HIPAA and HITECH. 

Healthcare also has the highest costs associated with data breaches – 65% higher than the average across all industries – and has for nine years running.

But, in order to remain compliant and, more importantly, to prevent data loss incidents and breaches, security leaders must have visibility over data movement. The question is: Do they?

According to our latest research report, The State of Data Loss Prevention 2020, not yet.

How frequently are data loss incidents happening in Healthcare?

Data loss incidents are happening up to 38x more frequently than IT leaders currently estimate. 

Tessian platform data shows that in organizations with 1,000 employees, 800 emails are sent to the wrong person every year. Likewise, in organizations of the same size, 27,500 emails containing company data are sent to personal accounts. These numbers are significantly higher than IT leaders expected.

Source: Tessian's State of Data Loss Prevention 2020

But, what about in Healthcare specifically? We found that:

  1. Over half (51%) of employees working in Healthcare admit to sending company data to personal email accounts
  2. 41% of employees working in Healthcare say they’ve sent an email to the wrong person
  3. 35% of employees working in Healthcare have downloaded, saved, or sent work-related documents to personal accounts before leaving or after being dismissed from a job

Download the data sheet for more stats, including graphs.

This only covers outbound email security. Hospitals are also frequently targeted by ransomware and phishing attacks, and Healthcare is the industry most likely to experience an incident involving employee misuse of access privileges.

Worse still, new remote-working structures are only making DLP more challenging.


Healthcare professionals feel less secure outside of the office 

While over the last several months workforces around the world have suddenly transitioned from office-to-home, this isn’t a fleeting change. In fact, bolstered by digital solutions and streamlined virtual services, we can expect to see the global healthcare market grow exponentially over the next several years. 

While this is great news in terms of general welfare, we can’t ignore the impact this might have on information security.  

Half of employees working in Healthcare feel less secure outside of their normal office environment and 42% say they’re less likely to follow safe data practices when working remotely.  

Why? Most employees surveyed said it was because IT isn’t watching, they’re distracted, and they’re not working on their normal devices. But, we can’t blame employees. After all, they’re just trying to do their jobs and cybersecurity isn’t top-of-mind, especially during a global pandemic. Perhaps that’s why over half (57%) say they’ll find a workaround if security software or policies make it difficult or prevent them from doing their job. 

That’s why it’s so important that security leaders make the most secure path the path of least resistance.

How can security leaders in Healthcare help protect employees and data?

There are thousands of products on the market designed to detect and prevent data incidents and breaches and organizations are spending more than ever (up from $1.4 million to $13 million) to protect their systems and data. 

But something’s wrong. 

We’ve seen a 67% increase in the volume of breaches over the last five years and, as we’ve explored already, security leaders still don’t have visibility over risky and at-risk employees.

So, what solutions are security, IT, and compliance leaders relying on?

According to our research, most are relying on security training. And it makes sense. Security awareness training confronts the crux of data loss by educating employees on best practice, company policies, and industry regulation. But how effective is training, and can it influence and actually change human behavior for the long term?

Not on its own. Despite having training more frequently than most industries, Healthcare remains among the most likely to suffer a breach. The fact is, people break the rules and make mistakes. To err is human! That’s why security leaders have to bolster training and reinforce policies with tech that understands human behavior.

How does Tessian prevent data loss on email?

Tessian uses machine learning to address the problem of accidental or deliberate data loss. How? By analyzing email data to understand how people work and communicate. 

This enables Tessian Guardian to look at email communications and determine in real time if a particular email looks like it's about to be sent to the wrong person. Tessian Enforcer, meanwhile, can identify when sensitive data is about to be sent to an unsafe place outside an organization’s email network.

“Insurance professionals can only succeed if they have modern systems that enable timely and effective delivery of care. Tessian is a fantastic tool for enabling that fluidity of communication across the organization.”
Ian Brennan, Director of IT at Laya Healthcare

Interested in learning more about how Tessian can help prevent data loss in your organization? You can read some of our customer stories here or book a demo. You can also download this data sheet to share key statistics with others.
