By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    An Expert’s Guide To Building and Improving Endurance
    June 30, 2022
    medical assistants
    What Do Medical Assistants Do On a Day to Day Basis?
    April 5, 2022
    superfoods to help with prostate health
    10 Healthy Foods That Can Help Protect Your Prostate
    August 29, 2022
    Latest News
    5 Steps to a Promising Career as a Healthcare Administrator
    August 3, 2025
    Why Custom Telemedicine Apps Outperform Off‑the‑Shelf Solutions
    July 20, 2025
    How Probate Planning Shapes the Future of Your Estate and Family Care
    July 17, 2025
    Beyond Nutrition: Everyday Foods That Support Whole-Body Health
    June 15, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    healthcare cost crisis
    What If the Health Care Cost Crisis Solves Itself?
    May 11, 2013
    Do You Need Life Insurance? What Does It Cover?
    December 23, 2022
    HIE metal plans
    The Four “Metal Plans” of Health Insurance Exchanges
    May 28, 2013
    Latest News
    How IT and Marketing Teams Can Collaborate to Protect Patient Trust
    July 17, 2025
    How Health Choices and Legal Actions Intersect After an Injury
    July 17, 2025
    How communities and healthcare providers can address slip and fall injuries with legal awareness
    July 17, 2025
    Let Your Lawyer Handle the Work Before You Pay Medical Costs
    July 6, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: PCI Compliance Status & Data Breaches
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > Medical Records > PCI Compliance Status & Data Breaches
Medical Records

PCI Compliance Status & Data Breaches

onlinetech
onlinetech
Share
5 Min Read
PCI Compliance Status Breaches
SHARE

Only 21 percent of organizations were found to be fully PCI compliant during their first assessment of attestation in the Verizon 2011 Payment Card Industry Compliance Report, showing only a 1 percent increase since their 2010 report (statistics based on QSA assessments). Translating to a 79 percent fail percentage, the organizations, on average, only met 78 percent of the test procedures defined in the DSS (Data Security Standards).

Only 21 percent of organizations were found to be fully PCI compliant during their first assessment of attestation in the Verizon 2011 Payment Card Industry Compliance Report, showing only a 1 percent increase since their 2010 report (statistics based on QSA assessments). Translating to a 79 percent fail percentage, the organizations, on average, only met 78 percent of the test procedures defined in the DSS (Data Security Standards).

PCI Compliance Status Breaches

PCI Compliance Status Breaches

Challenges to Meeting Compliance
The report lists a number challenges that serve as barriers to meeting full PCI compliance and the full set of requirements. Those challenges include:

Trained personnelFully staffed and expert IT departments can be difficult to find and maintain for ongoing compliance.
Corporate WillThis refers to the inability of management or directors to recognize the importance of compliance – compliance is “considered to be a drag on the economy by most businesses rather than an assumed part of the risk of doing business.”With this type of attitude, resources are often not allocated to meet compliance by implementing proper controls, policies and procedures.
ComplexityPCI requirements are specific and lengthy – the Verizon report claims PCI has well over 200 requirements (while the 12 requirements are notorious, each one has multiple listed sub-requirements).The time and resources needed to address each requirement can be extensive.

What were the most difficult requirements to achieve?

More Read

big data security
Finding the Solutions to Big Data Security Concerns
Patients Going Mobile: The Consumerization of Radiology
Protect Personal Info from Medical Thieves
Challenges of Stage 2 Meaningful Use Require More Allies
HIPAA and Protecting Patient Information

Only 37 percent of organizations met the PCI requirement #11 – regularly test security systems and processes, and 39 percent were able to maintain a policy that addresses information security, requirement #12.

The most challenging sub-requirement, according to the report, was under #10 – tracking and monitoring. #10.5.5 requires organizations to use file-integrity monitoring (FIM) or change detection software on logs to ensure that existing log data cannot be changed without generating alerts.

The two requirements that were achieved by most organizations were #7 – restrict access to data by business need-to-know and #4 – encrypt transmission of cardholder data and sensitive information across public networks.

Another approach to meeting PCI compliance includes reducing scope by meeting certain milestones and thus reducing potential risk to cardholder data. Eighty-eight of organizations met goal #1 – remove sensitive authentication data and limit data retention. Stored sensitive data can be a liability to any organization and decrease their ability to meet compliance requirements.

What are the top causes of a PCI breach?

The report also details the top “threat actions,” meaning the cause or action that contributed to PCI breach incidents. The top five are as follows:

  • 44% sent data to external sites/entities (malware)
  • 44% allowed remote access or control (malware)
  • 43% was due to the exploitation of default or guessable credentials (hacking)
  • 42% was due to the exploitation of backdoor or command and control channel (hacking)
  • 36% was a result of physical tampering (physical skimmers for the intent of fraud)

While no data center or PCI compliant hosting provider can make an individual merchant PCI compliant, they can help your organization by having PCI compliant controls already in place when it comes to certain technical requirements. Remember, due diligence is always required when you partner with a PCI hosting vendor – check their PCI audit report to determine the full scope and understanding of their compliance; don’t just take their word for it.

References:
Verizon 2011 Payment Card Industry Compliance Report (PDF)

TAGGED:data breachpci compliance
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

technology in medical research
The Tools Helping Medical Researchers See the Full Picture
News Technology
August 3, 2025
5 Steps to a Promising Career as a Healthcare Administrator
5 Steps to a Promising Career as a Healthcare Administrator
Health
July 31, 2025
holistic dental
Holistic Dentist Services Are Natural and Safe
Dental health Specialties
July 28, 2025
botox certification
Help Improve People’s Skin Health Via Botox Certification
Skin Specialties
July 22, 2025

You Might also Like

Population Health Management [INFOGRAPHIC]

November 16, 2013
Medical Records

When Will Providers Start Actually Buying EHRs?

October 28, 2011

Medical Mistakes: To Err Is Human – Yes and No?

July 26, 2014

Study: Willingness To Use PHRs Not Linked to Age, Education, Income

October 18, 2012
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?