According to 2016 survey results from The Ponemon Institute, healthcare organizations average about one cyber attack per month. So why, then, do so many remain underinvested in cybersecurity?
That’s a question we often ask ourselves and encourage healthcare executives to think about too — especially when almost half have experienced the loss or exposure of patient data within the last year (Ponemon).
It’s easy to understand why the healthcare sector ranks high on the list of most targeted industries. For one, personally identifiable information in electronic medical records can fetch up to ten times more on the black market than credit card information. Stolen credit card numbers are also fairly easy to recognize through fraud detection, whereas stolen personal information can take years to discover.
Most healthcare executives report that they are doing enough to secure their organization’s network, but breaches over the last few years tell a different story. Last year alone, saw over 112 million healthcare records breached. With the average time span between a system breach and recognition of that breach at an astounding 282 days –there is ample time for hackers to grab and sell troves of data.
Healthcare Sector Lags Other Industries In Network Protection
The healthcare sector as a whole lags behind in cybersecurity preparedness— even in the face of vulnerabilities that include:
- Unprotected electronic health records (EHRs) and automated clinical systems
- Legacy operational and clinical applications that can’t operate securely in the IoT era
- Insecure network environments that connect to remote medical and mobile devices
- Lack of policy regarding the sharing of PII and medical data via laptops, mobile devices, thumb drives and external, third-party software and cloud providers
- No segmentation of network applications. For example, connected devices like respirator pumps that share the same network as an Internet-browsing registration system.
Roadblocks To Cybersecurity Preparedness
All of this begs the question: With the inherent risk, what’s holding healthcare organizations back from taking the steps required to properly secure systems and data?
A 2015 KPMG report shows a number of factors at play, including the tendency of hospitals to prioritize expenditures on patient care over data protection. Another is the absence of executive-level accountability for cybersecurity — a starting point for building a strong cybersecurity team.
A factor not mentioned in the report is the ad hoc approach many healthcare organizations take when making investments in cybersecurity — resulting in an incohesive array of disparate products from different vendors that don’t easily integrate or share threat information.
Closing The Gap Between Security Spending And Effectiveness
As specialists in information security with a knowledge of healthcare network environments, our focus is on helping healthcare organizations bridge the divide between cybersecurity spending and its overall effectiveness. The remedy for forward-looking organizations is to build a holistic approach for their cybersecurity solutions to protect healthcare organizations from end to end.
With products that offer industry-leading security effectiveness, scalability and unmatched third-party-validated performance, we can recommend and deploy a solution that enables you to meet regulatory requirements, like HIPAA — all while securing patients’ medical records and vital healthcare delivery systems. Contact us to learn more.