By Matthew C. Bertke, CPA, MBA, Coverys Product Development Manager
With ongoing technological advances and volumes of personal health data being collected, shared, and analyzed daily, healthcare organizations are increasingly concerned about data breaches and protecting patient privacy. However, for various reasons, many have been reluctant to move forward with necessary safeguards — until now.
A recent data threat report issued by Thales in conjunction with analyst firm 451 Research revealed that 90 percent of healthcare organizations consider themselves vulnerable to cyber threats. And the good news? In 2017, the industry is committed to fighting back by investing heavily in advanced cybersecurity measures. In fact, since the start of the New Year, 81 percent of U.S. healthcare organizations plan to increase their cybersecurity budgets, compared with 60 percent in 2016 — and for good reason.
The sophistication of hackers is growing. Healthcare data continues to be a valuable commodity for fraudsters interested in ransom, blackmail, and espionage. Just this year, 20 percent of organizations have already experienced a breach. And while the industry has lagged in its investment in and implementation of proper safeguards, 92 percent of the surveyed organizations recognize the extreme effectiveness of cybersecurity — a 14 percent increase over last year.
The top reasons that stall the onboarding of cybersecurity include:
- Overly complex processes – 53%
- Not enough staff to manage/monitor defense systems – 39%
- Concerns about functionality – 36%
- Not enough budget – 33%
- Lack of enterprise-wide buy-in – 26%
Key drivers behind the spend
The healthcare industry has been through a rough two years. Unfortunately, with the growing sophistication of hackers, disruptions are predicted to be just as challenging in 2017 as the Internet of Things continues to evolve.
At a time when cyber liability risks are increasing, the industry is simultaneously facing increased regulatory requirements at both the federal and state levels. Why the hypersensitivity regarding compliance? Because after a breach, the Office for Civil Rights conducts an investigation to identify the causes. Organizations that aren’t taking necessary measures to safeguard the privacy of patients and the confidentiality of healthcare data face steep fines and penalties.
Concerned with meeting strict compliance requirements, 44 percent of the surveyed organizations have prioritized investing in areas related to compliance mandates.
Other top key drivers of spend include:
- Data breach prevention – 40%
- Protecting company reputation and brand – 35%
- Establishing best practices – 34%
- Increasing cloud use – 27%
Organizations are allocating their budget dollars to various cybersecurity measures, with network security topping the list of spending decisions at 69 percent.
Other measures of priority include:
- Internet-capable hardware/mobile protection measures – 61%
- Analytics and recovery – 62%
- Protecting data in motion – 51%
- Protecting data at rest – 47%
Investing in cybersecurity to prevent or reduce the chance of a breach is a big step, but it’s not foolproof. Unfortunately, the recovery efforts surrounding a breach are typically extensive, causing serious financial damage that could last years. To mitigate risks associated with a breach, more organizations are recognizing the need for cyber insurance as part of their coverage. A recent report by the Brookings Institution’s Center for Technology Innovation predicts that over the next five years, cyber insurance will be as important as malpractice insurance, and providers can’t afford the risk of operating without it.
Examining how breaches occur is helpful in establishing processes and procedures to mitigate risk. Forward-thinking organizations are no longer sidelining the fact that it’s time to take proactive steps.