If you want sensitive data, see your local doctor

Many of the companies I work with are calling on the medical vertical.  Medical offices have highly sensitive data, they’re under HIPAA regulations (note the correct spelling on this), they’re somewhat recession proof, and unfortunately, in many cases doctors don’t seem to care.

I’ve had numerous sales people tell me, the doctors won’t get involved in security projects; they don’t want to spend money on security unless there is a clear regulation or pending audit.  And while there are some doctors that do care, practices are generally run by a group and getting everyone’s buy-in is difficult.

Today’s WSJ reports on the growing push by our government to move medical to electronic; however, they are also behind in addressing security.  Stay tuned for new regulations and possible funding – a few notes from an article entitled, New Epidemic Fears: Hackers. 

• Portions of a $29 billion fund are available to reimburse hospitals and doctors’ offices that invest in electronic records systems and other software that might improve care and lower health-care costs.
• In recent years, the number of reported data breaches at healthcare organizations has soared, despite laws requiring the groups to protect patient information.
•  Criminals can use this information to open credit-card accounts in the victim’s name. Among the more nefarious crimes these breaches can lead to is medical identity theft, when someone receives health-care services using the victim’s name and insurance.