A recent study by the Ponemon Institute finds that healthcare continues to be a huge target for cyberattack; and as it stands right now, healthcare providers and business associates (BAs) are ill-prepared to defend themselves and their data.
The following statement by Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, makes it quite clear where healthcare stands with data security.
“In the last six years of conducting this study, it’s clear that efforts to safeguard patient data are not improving. More healthcare organizations are experiencing data breaches now than six years ago. Negligence—sloppy employee mistakes and unsecured devices—was a noted problem in the first years of this research and it continues. New cyber threats, such as ransomware, are exacerbating the problem.”
The study found that half of data breaches in the healthcare industry are caused by mistakes (mistakes are classified as third-party snafus, stolen computing devices, and unintentional employee actions). The other half are caused by criminal attacks.
Furthermore, healthcare organizations and BAs are negligent when handling sensitive patient information. Also, healthcare providers and their third parties lack the budget, people, resources and expertise to manage breaches caused by employee negligence and evolving cyber threats.
Other major findings worth noting:
- 89% of healthcare organizations and 60% of BAs experienced data breaches over the past two years.
- 79% of healthcare organizations experienced two or more data breaches in the past two years, which is up 20% since 2010.
- 34% of healthcare organizations experienced two to five breaches and 45% more than five breaches.
- The most commonly exposed data include medical records, followed by billing and insurance records, and payment details.
- The total impact of data breaches to the healthcare industry is $6.2 billion.
So not only are data breaches high, but the financial impact is quite significant too; and it doesn’t get any better with the newest cyber threats healthcare organizations face in 2016, like ransomware.
In addition to having to worry about ransomware, healthcare organizations are also worried about protecting data from malware and DoS attacks. Add to the list, concerns with mobile device insecurity and the use of cloud services, as well as mobile apps (eHealth) and malicious insiders.
With the healthcare industry becoming more vulnerable to breach year after year, what’s stopping organizations and BAs from taking the steps necessary to ensure the appropriate security measures are put into place? The challenges, six years after the first Ponemon study, continue to include lack of resources and not investing in technologies that can help mitigate breach.
- 59% of healthcare organizations and 60% of BAs don’t think their security budget is enough to minimize breaches.
Also, it seems that both BAs and healthcare organizations like to point fingers at each other. Both think the other could be doing more in terms of security, which essentially doesn’t bring either to become proactive.
Instead of pointing fingers healthcare organizations and BAs should take a good look at what they can do and become actionable when it comes to data security. Even though budgets are limited, if applied in the right areas and with the right expertise (guiding executives and IT teams), steps towards a more secure overall structure can take place.
Both healthcare organizations and BAs can improve the state of data security, reduce breach and avoid a major catastrophe. All it takes is the will to do so and a little help.
Schedule your free consultation if you need help getting started.
Photo courtesy of Tashatuvango