The Sorry State of Cybersecurity in the Healthcare Industry
Given the sensitivity and confidentiality of the data handled by the healthcare industry every day, you’d think that cybersecurity is a top priority among healthcare providers. Sadly, you’d be mistaken. The healthcare sector, it seems, is struggling to keep up with the times, especially when it comes to putting strong cybersecurity measures in place.
IT experts say that many healthcare providers, along with medical device manufacturers, don’t recognize the need for such measures, even as they suffer multiple data breaches. Healthcare companies and energy/utility companies are among the industries most vulnerable to cyberattacks today, according to the BitSight Insights Industry Benchmark report in September.
Any statistics on that?
The numbers don’t lie, and they’re pretty alarming. The healthcare and social assistance industry suffers the highest incidence of data breaches at 56%, compared to an average of 31% across all industry sectors. Public data from the U.S. Department of Health and Human Services also show that there were a total of 55 data breaches in the country in 2015. These data breaches affected the information of over a hundred million victims – 111,802,842, to be exact.
Health insurance company Anthem Inc. demonstrated earlier this year just how inefficient cybersecurity in the healthcare industry is when it lost more than 78 million medical records in a data breach. Similarly, 11 million victims suffered from a data breach at Premera Blue Cross, another health insurance company.
According to Ponemon Institute, a research center dedicated to privacy, data protection and information security policy, data breaches cost the healthcare industry about $5.6 billion each year.
So what’s the healthcare industry doing about it?
Not much yet, judging by the cybersecurity measures currently in place in the healthcare industry.
Just from the sheer number of medical records compromised, it’s clear that the healthcare industry needs to adopt stronger measures for cybersecurity. It needs to do more to protect not only the medical and personal information of patients, but also medical devices like insulin pumps and pacemakers. Security threats to these devices could result in the loss of life.
Healthcare providers may also need to train their own staff, as employee error was the cause of data breaches 26 to 36 percent of the time. A focus on proactive, intelligence-driven monitoring and response for data security is also essential for avoiding data breaches.
For instance, one of the costliest, most dangerous employee errors occurred in 2013 at the University of Washington Medicine. An employee downloaded an email attachment containing malware, which ended up compromising the security of critical medical data and personal patient information. The University of Washington Medicine has agreed to a $750,000 settlement for its shortcomings.
Authorities from the HHS and cybersecurity companies have also emphasized the need for the healthcare industry and government sectors to work together to come up with solutions to cyber threats. To help strengthen cybersecurity for the healthcare industry, the National Institute of Standards and Technology has also released the Framework for Improving Critical