×

Study Suggests Lack of Internal Data Protection Leaving U.S. Healthcare and Pharmaceutical Companies Vulnerable

NEW YORK, March 4, 2015 (GLOBE NEWSWIRE) -- As more and more private consumer data leaked from healthcare companies turns up on the black market, a recent survey suggests that more than half of U.S. healthcare and pharmaceutical employees believe that their organizations do not place a high priority on the protection of sensitive data.

According to the U.S. Health and Human Services Department for Civil Rights, there have been more than 290 public disclosures of major health data breaches in the U.S. over the past two years. The attractiveness of sensitive health data to hackers is due to its inclusion of powerful tools for identity theft such as Medicare IDs and social security numbers.

A Ponemon Institute survey commissioned by Varonis Systems, Inc. (Nasdaq:VRNS), the leading provider of software solutions for unstructured, human-generated enterprise data, surfaces an important but often overlooked consequence: a lack of emphasis on the protection of data among U.S. healthcare and pharmaceutical companies is leaving employees with greater access to sensitive patient data than they need to do their jobs. When employee activities are not tracked or audited, an insider or outside attacker that hijacks an employee account can exploit these weaknesses with impunity, leading to devastating consequences.

The survey report, "Corporate Data: A Protected Asset or a Ticking Time Bomb?" was first published in December from interviews conducted in October 2014 with 2,276 end users and IT staffers spanning various industries. Respondents included 250 employees in the U.S. healthcare & pharmaceutical industries.

Among the healthcare and pharmaceutical industry respondents:

  • 56% of IT practitioners and 51% of end users said they believe their organizations place just a moderate to low priority on the protection of company data, or no priority at all.
  • 79% of IT personnel said their organization either partially enforces a least-privilege model for data access or does not enforce one at all.
  • 65% of employees believe they have access to sensitive data they don't need to do their jobs, with 51% believing they see this data at least frequently.
  • 73% of employees said they have access to sensitive or confidential information about patients – higher than respondents from any of the other major sectors included in the survey (retail, financial services and public sector employees).
  • Of those employees, 41% report that they and their co-workers can see "a lot of" sensitive data – also more than employees from the other major industries surveyed.

Yaki Faitelson, Varonis Co-Founder and CEO, said, "As healthcare companies increasingly find themselves victimized with data leaks that impact potentially millions of patients and customers, we continue to learn that most of these attacks begin with the compromise of a few employee credentials. The damage can be greatly reduced by managing data access permissions, making sure employees only have access to the data they need to do their jobs, and by monitoring for unusual activity. The rapid growth of Varonis is happening because our solutions provide insight into who has access and who actually does access the data, who abuses their access, which files are sensitive and exposed to risk, and who from the business should be involved. We are helping healthcare organizations around the world address these challenges in ways that not only reduce risk dramatically but also improve employee productivity and IT efficiency at the same time."

Further Information

For a look at some of the key findings from the study, view this presentation. For a full copy of the study, go to http://www.varonis.com/research/why-are-data-breaches-happening. For more information on Varonis' solution portfolio, please visit www.varonis.com, visit our blog, and join the conversation on Facebook, Twitter, LinkedIn, and YouTube.

About the Ponemon Institute

The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in a variety of industries. For more information, visit http://www.ponemon.org.

About Varonis

Varonis Systems, Inc. (Nasdaq:VRNS) is the leading provider of software solutions for unstructured, human-generated enterprise data. Varonis provides an innovative software platform that allows enterprises to map, analyze, manage and migrate their unstructured data. Varonis specializes in human-generated data, a type of unstructured data that includes an enterprise's spreadsheets, word processing documents, presentations, audio files, video files, emails, text messages and any other data created by employees. This data often contains an enterprise's financial information, product plans, strategic initiatives, intellectual property and numerous other forms of vital information. IT and business personnel deploy Varonis software for a variety of use cases, including data governance, data security, archiving, file synchronization, enhanced mobile data accessibility and information collaboration. As of December 31, 2014, Varonis had more than 3,300 customers, spanning leading firms in the financial services, public, healthcare, industrial, energy & utilities, technology, consumer and retail, education and media & entertainment sectors.

PDF Attachment Available: http://www.varonis.com/research/why-are-data-breaches-happening/ponemon-infographic.pdf

CONTACT: Natalie Rizk CTP 617-412-4000 x227 nrizk@ctpboston.com

Source:Varonis Systems, Inc.