When we look at the healthcare industry and its security concerns, two areas stand out: data breaches and business continuity.

In the Ponemon Institute’s 2013 Cost of Data Breach Study we see that healthcare is one of the industries with the highest per capita data breach costs.


A recent article highlighted the total cost of U.S. health IT security breaches, which is estimated to be around $1.6 billion annually. Pretty concerning, wouldn’t you say?

In addition to the damage of data breaches and their costs, another concern in the industry is business continuity. This may come as a shock to you (or maybe not): most healthcare IT executives have stated that they are not prepared for an unexpected incident (breach, unwanted downtime, data loss, etc.). Even more troubling news comes from a recent survey of healthcare IT executives. The respondents had experienced at least one unexpected outage in the last 12 months, at a cost of $432,000 per incident (MeriTalk).

The questions that arise from these numbers and studies are why aren’t healthcare IT executives doing more? What’s stopping them? And above all, what can they do (what should they be doing)?

Healthcare security stoppers

  • A huge gap in communication between the C-Suite and CIOs.

  • Lacking the necessary personnel to implement a holistic security program.

  • Underestimating the importance of a formal policies and procedures plan.

  • Thinking that encryption and authentication processes will be enough.

  • The absence of a physical security plan.

  • Wishful thinking: It won’t happen to us.

  • It costs too much.

Healthcare security fixes

  • Implement an Information Security Steering Committee that will ensure C-Suite executives and CIOs communicate on a regular basis and enact an effective security effort across the entire facility.

  • Work with information risk management specialists if you can’t have the personnel needed in house.

  • Formulate a formal policies and procedures plan now; stop putting it off.

  • Accompany the security measures you are already taking with further steps that give you an in-depth look at your overall security posture and show you where your vulnerabilities lie.

  • Networks are not the only point of entry for intruders looking to gain access to your sensitive data; you need a physical security plan. Get one!

  • The best defense is an active one. Wishful thinking is just that. You can wait until your facility gets breached, or you can start closing the open doors to your network and data now.

  • What costs too much are breaches, fines, loss of data, reputation damage, downtime and recovery from an unexpected incident you weren’t prepared to face. Research shows that a robust information security program will save you money in the long run.

With the costs and repercussions of a breach being so high, plus the damage of not having a business continuity plan in place to safeguard data and keep the business running as usual, healthcare IT executives really need to start implementing some heavy-duty security fixes.

How are you ensuring your healthcare facility’s security and business continuity needs are being met?
