Healthcare organisations are not holding vendors accountable for meeting minimum security standards, claims a new survey.
Carried out by security risk management firm Corl Technologies, the research claims that more than half of data breaches in the sector are down to small businesses.
To reach these conclusions, the company analysed security practices of more than 150 suppliers providing services to healthcare organisations from June 2013-2014.
The firm has developed a scorecard rating system for healthcare IT providers with grades going from the highest “A” to the lowest “D.”
Corl Technologies takes into account factors including a vendor's security and privacy policies, whether the vendor has a security officer or team, and any security incidents, such as breaches, that take place.
It says the majority of healthcare IT vendors lack minimum security, with 58% of businesses investigated scoring a “D” grade for their culture of security.
Only 4% reached the “A” grade, while 16% gained a “B” and 14% a “C,” and just 32% of vendors were found to have security certifications.
“The average hospital’s data is accessible by hundreds to thousands of vendors with abysmal security practices providing a wide range of services,” claimed Cliff Baker, Corl Technologies CEO.
“When healthcare and industry organisations don’t hold vendors accountable for minimum levels of security, these vendors establish an unlocked backdoor to sensitive healthcare data,” he added.
Although the vendors studied were primarily from the US, security in healthcare IT is also a large issue in the UK.
The care.data patient information sharing scheme is currently delayed following privacy and security concerns.