Healthcare IT Security Focus On Compliance Not Breach Prevention

According to the latest Vormetric data threat report, the main healthcare IT security focus is meeting HIPAA compliance requirements, not preventing data breaches.

HIPAA Compliance is the Main Healthcare IT Security Focus

For the report, Vormetric commissioned 451 Research to conduct a survey that questioned healthcare IT managers about their spending plans for the coming year. They were asked where the bulk of the cybersecurity budget was going and what their main spending priorities were.

61% of polled healthcare IT security professionals said compliance was the main priority, while only 40% of respondents said that the main priority was preventing data breaches. 69% of respondents said achieving compliance was actually an extremely effective or very effective way of safeguarding the protected health information of patients. However, researchers at 451 Research did not agree.

While it is now essential for healthcare organizations to implement administrative, technical, and physical safeguards to ensure the ePHI of patients is safeguarded, complying with HIPAA Rules does not mean data breaches will not occur. Compliance will help to prevent data breaches, but the researchers point out that many HIPAA-compliant healthcare organizations have still suffered data breaches.

It is understandable that compliance is the main healthcare IT security focus, with the HIPAA audits due to recommence this year, but to prevent data breaches, healthcare organizations also need to protect data at rest. HIPAA does not demand the use of encryption for data at rest.

If too much reliance is placed on perimeter defenses, data breaches will occur if those defenses are breached. Only by encrypting data at rest will organizations be able to prevent the vast majority of data breaches. According to Garrett Bekker, senior analyst for information security at 451 Research, “They [healthcare organizations] are continuing to invest in defenses like network and endpoint security offerings that offer little help in protecting data once perimeters have been breached.”

Majority of IT Pros Say Cybersecurity Spending Has Been Increased

The survey results show that healthcare organizations are committing more funding to improving cybersecurity protections. 60% of respondents said they were increasing spending to protect ePHI and other sensitive data. 49% said they were increasing spending on network security defenses, 39% were investing in cloud security gateways, 36% in information management systems, and 34% were putting funding into enhanced data management monitoring.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news