Encryption remains one of the top security features for health IT infrastructure as on-premise and cloud-based encryption software is expected to grow through 2024, according to new projections.
Grand View Research recently released a report that attributes the growth of the enterprise data encryption market to the increase in cyberattacks as IT infrastructure continues to move to the cloud.
Encryption software protects data in transit by encoding information so only authorized parties can access it. Encryption acts as an extra layer of security against hackers because any stolen data is unreadable unless the user has the key to decrypt it.
Report analysts found that as enterprises across all industries continue to adopt software services and solutions, cyberattacks will be more abundant. The influx of attacks does not mean that software and cloud-based IT infrastructure is less secure, but the types of attacks on the infrastructure have changed to adapt to modern IT trends.
As the number of cyberattacks has gone up over the past several years, Grand View Research analysts predict that on-premise encryption deployments will increase over the forecast period because organizations may feel the need to minimize the scope of compliance audits and avoid public disclosures after a data breach.
Healthcare data encryption is not technically a HIPAA requirement, but that does not mean that health IT vendors and healthcare organizations can ignore encryption. Encryption assists organizations significantly when it comes to protecting data accessed remotely or data shared between healthcare organizations.
The Department of Health and Human Services (HHS) HIPAA Security Series suggests that covered entities ask themselves the following two questions to help determine if data encryption is appropriate:
- Which EPHI should be encrypted and decrypted to prevent access by persons or software programs that have not been granted access rights?
- What encryption and decryption mechanisms are reasonable and appropriate to implement to prevent access to EPHI by persons or software programs that have not been granted access rights?
Healthcare organizations should consider data encryption because it keeps data secure during normal operations, not just when an organization’s data is threatened. Not all data breaches are detected by IT, and having the safeguard of encryption could be the difference between a successful hack and an unsuccessful hack.
Some IT infrastructure solutions, such as virtual private networks (VPNs), may include encryption technology. However, VPN encryption may not give the end-to-end security organizations are looking for.
VPNs only create a temporary connection while the user is engaging the data, meaning that data shared with a VPN is only encrypted when it’s being shared. Data at rest does not have encryption as a security fail-safe when only VPN technology is used for encryption. Users also have more control over endpoint VPNs, increasing the chance of user error.
A survey conducted by Sophos earlier this year indicated that less than half of organizations use dedicated data encryption solutions. Several of the main reasons why organizations choose not to encrypt their data are lack of budget, performance concerns, and lack of encryption knowledge.
Survey authors also noted the lack of data encryption for mobile devices in the healthcare industry. Many organizations are still adapting to mobile devices accessing their network and may not have security protocols fully fleshed out.
Healthcare organizations cannot afford to ignore the growing threat of cyberattacks and should look into encryption solutions as the market continues to grow. Cyberattacks will only continue as organizations have more incentive to move their data to the cloud. Encryption solutions will protect patient information even if other security protocols fail and hackers end up getting their hands on PHI.