Microsoft is highlighting the need for improved protection of patient health care records and will be providing assistance in the coming months.

After a seemingly nonstop series of breaches affecting health care organizations, the software giant announces plans to engage with IT security professionals in the industry. Overflowing with sensitive personal data and payment information, health care systems are a prime target for hackers.

In October, Accenture estimated that over five years, cyber-attacks will cost U.S. health systems $305 billion in cumulative lifetime revenue. One in 13 patients can expect to have their personal information stolen, including financial details or Social Security numbers, during that time. Early last year, health insurance provider Anthem reported a data breach affecting 80 million users. Around the same time, fellow health insurer Premera disclosed a breach affecting up to 11 million people.

Faced with these risks, Leslie Sistla, chief information security officer of Microsoft Worldwide Health, is calling for “security intervention in health care.” One industry’s approach to data security can fall short in another industry, particularly health care, where personal, health and financial information often intersect. “The natural tension between safeguarding data and giving clinicians quick access to patient records, often in life-or-death situations, means the practices that serve other industries can’t just be mimicked in a healthcare setting,” said Sistla in a Feb. 24 advisory announcing a new outreach effort by her company.

In addition to new investments in security research and development, Microsoft intends to provide health care IT professionals with strategies and guidance through a new blog series. “In future posts, we’ll look at how to mobilize entire organizations, from the C-suite to the clinic, to support a shared culture of cybersecurity,” she pledged. The company will also be sharing its findings, including “some surprising gaps in the kinds of data protected under HIPAA [Health Insurance Portability and Accountability Act],” along with recommendations on balancing security with the data accessibility demands of running a health care organization.