Ponemon’s Third Annual Benchmark Study on Patient Privacy and Data Security reported that most healthcare organizations have experienced a breach: 94% of healthcare organizations in the study have had a data breach in the past two years, and 45% have experienced more than 5 data breaches. In many cases, digital forensics is used to identify the reasons for a breach. Lesser known is the importance of forensics in determining the extent to which PII / PHI is exposed and the number of affected individuals.
Quantifying exposed PII / PHI takes place once a breach is established. This step is often limited in scope due to misinformation:
- Data intimidation. The sheer size of 10 terabytes of data may appear daunting. However, the total size of a data set does not necessarily correlate with the number of records that are relevant to the analysis of exposed PII / PHI.
- Time constraints. Time allotted to the assessment of exposed PII / PHI is often a small fraction of a forensics investigation. Minimizing time for analysis without evidence may increase risks such as scrutiny from regulators.
The full article can be read at ID Experts’ Blog.