Businesses in the healthcare industry are more than acquainted with HIPAA, the acronym for the Health Insurance Portability and Accountability Act passed by Congress 20 years ago. One of the act’s most important requirements is the safe and confidential handling of protected health information. And now that nearly all patient information exists in the digital ether, cyber security has become one of the healthcare industry’s greatest concerns.
Forbes Insights recently surveyed healthcare executives about these concerns. Their findings were astonishing: 80% admitted that their information technology had been compromised by cyber-attacks. And while this may seem shocking to those outside of the healthcare and IT industries, you won’t find much surprise on our faces. Businesses inside the healthcare industry constantly face an increased risk of cyber attack—not because they aren’t prepared, but because of the volume of unique information that health plans, doctors, and other providers handle.
Digital patient records and automated clinical systems make for rich targets in the world of cybercrime precisely because the price of such data on the black market has skyrocketed over the last several years. Legendary investor Ann Winblad said in a CNBC interview that “data is the new oil.” Such comparisons communicate the value placed on protected information in a big way. It follows that healthcare organizations must take strides, not steps, to protect their information.
There are unique risks to healthcare businesses that may not exist in other industries. For instance, regulatory statutes such as HIPAA and HITECH add an element of liability enforced by government agencies, and heavy dependence on outsourced service providers like payment processing and lab testing adds to information transfer risks. Associated with each transmission are both Personally Identifiable Information (PII) and Protected Health Information (PHI). Because healthcare has a complex chain of liability—from providers, to payers, to third-party administrators—there are multiple points of access for a cyber attack.
Michael Ebert, a KPMG partner and healthcare leader at the firm’s Cyber Practice, has vividly observed the increased cyber security threat to confidential patient information. He sees overconfidence among healthcare providers and payers who consider themselves prepared for defense against a cyber-attack, and believes a large percentage of the organizations are underreporting. “They are probably compromised and don’t even know it,” Ebert says, citing the quarter of Forbes respondents who say they don’t have or don’t know their capabilities to detect if their organization’s systems are currently at risk. Industry exposure to cyber threats is only expected to grow.
Because healthcare is a matter of national security, these threats are not simply a technical issue, but a business and governance challenge that involves risk management, reporting, and accountability. Effective security is not a passive enterprise; it requires active involvement of executives to assess emerging threats and organizations’ responses to them. Only a well-prepared and properly coordinated cyber security team can provide the necessary awareness and capabilities to handle threats at all levels. Even more, cyber security must be incorporated in a company’s technology and network architecture upfront, and by strategic design. Executives must ensure that the investments in security are part of a cohesive, coordinated digital strategy.
Organizations required to enforce HIPAA must take active, appropriate steps to secure their data from cyber attacks. For a risk assessment of your business—healthcare or otherwise—consult with an expert at Dynamic Quest. We also offer Business Consulting services to evaluate your organization’s preparedness and ability to react to these threats when they arrive. As always, we’re happy to have new partners on board, but indisputably recommend a serious look at the status of your cybersecurity—especially for those in the healthcare industry. Stay safe out there.
It takes an average of 287 days for security teams to identify and contain a data breach, according to the “Cost of a Data Breach 2021” report released by IBM and Ponemon Institute.
The average cost of a data breach in the United States is $8.64 million, which is the highest in the world, while the most expensive sector for data breach costs is the healthcare industry, with an average of $7.13 million (IBM).
The three sectors with the biggest spending on cybersecurity are banking, manufacturing, and the central/federal government, accounting for 30% of overall spending (IDC).
The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”
40% of businesses will incorporate the anywhere operations model to accommodate the physical and digital experiences of both customers and employees (Techvera).
More than 33 billion records will be stolen by cybercriminals by 2023, an increase of 175% from 2018.
Forty-three percent of attacks are aimed at SMBs, but only 14% are prepared to defend themselves (Accenture).