By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    improving patient experience
    6 Ways to Improve Patient Satisfaction Within Hospitals
    December 1, 2021
    degree for healthcare job
    What Are The Health Benefits Of Having A Degree?
    March 9, 2022
    custom software development is changing healthcare
    Digital Customer Journey Mapping and its Importance for Healthcare
    July 21, 2022
    Latest News
    Beyond Nutrition: Everyday Foods That Support Whole-Body Health
    June 15, 2025
    The Wide-Ranging Benefits of Magnesium Supplements
    June 11, 2025
    The Best Home Remedies for Migraines
    June 5, 2025
    The Hidden Impact Of Stress On Your Body’s Alignment And Balance
    May 22, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    narrow-road-ahead-sign
    Narrow Networks in California?
    March 24, 2016
    Insurer Has E-Security Problem
    August 26, 2017
    What Kind of Inequality Matters to You?
    October 19, 2011
    Latest News
    Let Your Lawyer Handle the Work Before You Pay Medical Costs
    July 6, 2025
    Top HIPAA-Compliant Messaging Apps for Healthcare Teams
    June 25, 2025
    When Healthcare Ends, the Legal Process Begins: What Families Should Know About Probate and Medical Estates
    June 20, 2025
    Preventing Contamination In Healthcare Facilities Starts With Hygiene
    June 15, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: PCI Compliance Status & Data Breaches
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > Medical Records > PCI Compliance Status & Data Breaches
Medical Records

PCI Compliance Status & Data Breaches

onlinetech
onlinetech
Share
5 Min Read
PCI Compliance Status Breaches
SHARE

Only 21 percent of organizations were found to be fully PCI compliant during their first assessment of attestation in the Verizon 2011 Payment Card Industry Compliance Report, showing only a 1 percent increase since their 2010 report (statistics based on QSA assessments). Translating to a 79 percent fail percentage, the organizations, on average, only met 78 percent of the test procedures defined in the DSS (Data Security Standards).

Only 21 percent of organizations were found to be fully PCI compliant during their first assessment of attestation in the Verizon 2011 Payment Card Industry Compliance Report, showing only a 1 percent increase since their 2010 report (statistics based on QSA assessments). Translating to a 79 percent fail percentage, the organizations, on average, only met 78 percent of the test procedures defined in the DSS (Data Security Standards).

PCI Compliance Status Breaches

PCI Compliance Status Breaches

Challenges to Meeting Compliance
The report lists a number challenges that serve as barriers to meeting full PCI compliance and the full set of requirements. Those challenges include:

Trained personnelFully staffed and expert IT departments can be difficult to find and maintain for ongoing compliance.
Corporate WillThis refers to the inability of management or directors to recognize the importance of compliance – compliance is “considered to be a drag on the economy by most businesses rather than an assumed part of the risk of doing business.”With this type of attitude, resources are often not allocated to meet compliance by implementing proper controls, policies and procedures.
ComplexityPCI requirements are specific and lengthy – the Verizon report claims PCI has well over 200 requirements (while the 12 requirements are notorious, each one has multiple listed sub-requirements).The time and resources needed to address each requirement can be extensive.

What were the most difficult requirements to achieve?

More Read

Medical Mistakes: To Err Is Human – Yes and No?
Make Your Hospital’s Digital Experience Mom-Friendly
Alleged Photo Leaks Prompt Question: Can Apple Keep Healthcare Data Secure?
Can EMRs Reduce Racial Disparities in Health Care?
5 Tips for Managing Technology in Healthcare

Only 37 percent of organizations met the PCI requirement #11 – regularly test security systems and processes, and 39 percent were able to maintain a policy that addresses information security, requirement #12.

The most challenging sub-requirement, according to the report, was under #10 – tracking and monitoring. #10.5.5 requires organizations to use file-integrity monitoring (FIM) or change detection software on logs to ensure that existing log data cannot be changed without generating alerts.

The two requirements that were achieved by most organizations were #7 – restrict access to data by business need-to-know and #4 – encrypt transmission of cardholder data and sensitive information across public networks.

Another approach to meeting PCI compliance includes reducing scope by meeting certain milestones and thus reducing potential risk to cardholder data. Eighty-eight of organizations met goal #1 – remove sensitive authentication data and limit data retention. Stored sensitive data can be a liability to any organization and decrease their ability to meet compliance requirements.

What are the top causes of a PCI breach?

The report also details the top “threat actions,” meaning the cause or action that contributed to PCI breach incidents. The top five are as follows:

  • 44% sent data to external sites/entities (malware)
  • 44% allowed remote access or control (malware)
  • 43% was due to the exploitation of default or guessable credentials (hacking)
  • 42% was due to the exploitation of backdoor or command and control channel (hacking)
  • 36% was a result of physical tampering (physical skimmers for the intent of fraud)

While no data center or PCI compliant hosting provider can make an individual merchant PCI compliant, they can help your organization by having PCI compliant controls already in place when it comes to certain technical requirements. Remember, due diligence is always required when you partner with a PCI hosting vendor – check their PCI audit report to determine the full scope and understanding of their compliance; don’t just take their word for it.

References:
Verizon 2011 Payment Card Industry Compliance Report (PDF)

TAGGED:data breachpci compliance
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

9 Lifestyle Tweaks That Can Add Years to Your Life
9 Healthcare Lifestyle Tweaks That can Add Years to Your Life
lifestyle
July 11, 2025
car accident lawsuit
Let Your Lawyer Handle the Work Before You Pay Medical Costs
Policy & Law
July 6, 2025
women dental care
What Is a Smile Makeover and How Much Does It Cost?
Dental health
June 30, 2025
HIPAA-Compliant Messaging Apps
Top HIPAA-Compliant Messaging Apps for Healthcare Teams
Global Healthcare Policy & Law Technology
June 25, 2025

You Might also Like

Can EMRs Do More Harm than Good?

November 19, 2011

Data Breach: How Much Will One Cost You?

March 7, 2012

Techniques for Matching Patient Record Data Across Disparate EHRs and Other Systems

February 10, 2012
VNA storing and sharing information
eHealthMedical RecordsRadiologyTechnology

How a VNA Unifies Clinical Data Throughout an Enterprise

January 5, 2015
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?