2018 has seen a record-setting pace for mergers and acquisitions, but something else is setting records as well, and this one is not as positive: data breaches. According to the Department of Health and Human Services’ HIPAA Breach Reporting Tool website, commonly referred to as the “wall of shame,” there have been 165 breaches so far in 2018. These breaches have affected over 3.2 MILLION people. The most common breach is referred to as unauthorized access, and the numbers are astounding. It’s past time for healthcare to increase cybersecurity efforts.
One would think, after multiple high-profile attacks, that healthcare executives would be taking steps to increase cybersecurity efforts that can prevent their organization from being compromised. But a recent survey from Black Book Research shows that this is not the case. According to their study, 84% of provider organizations lack a reliable enterprise leader for cybersecurity, while only 11% plan to get a cybersecurity officer in 2018.
With so many breaches being reported, the question has to be asked:
Why are provider organizations not taking steps to increase cybersecurity efforts?
A lack of cybersecurity leadership wasn’t the only intriguing deficiency. The Black Book Research survey also shows the reluctance of healthcare provider organizations to adopt best practices for cybersecurity. 54% of respondents admitted they do not conduct regular risk assessments, while 39% do not carry out routine penetration testing on their firewalls.
The most surprising statistic to come out of the Black Book Research survey was that 92% of executives surveyed said cybersecurity and the threat of data breach are not major talking points with their board of directors. Also, only 15% of healthcare organizations appear to be taking cybersecurity seriously, by having a Chief Information Security Officer (CISO) in charge.
The lack of emphasis on this problem is particularly alarming when you consider the findings of the annual NetDiligence Cyber Claims Study.
- Healthcare represented 18% of all breaches – one of the most-breached sectors
- $717,000: the average cost of a healthcare breach
- Costs included:
  - $255,000 – legal settlement fees
  - $249,000 – crisis services
  - $121,000 – legal defense
- The most likely data to be exposed include:
  - payment card information (67.2%)
  - protected health information (17%), and
  - personally identifiable information (15.7%)
- Hackers caused 27% of all breaches
- Insiders were involved in 25% of all incidents
Keeping your patient information safe and secure should be a top priority for your organization. If it is not, you are at risk of being part of the growing statistics of data breaches. You are also at risk for substantial fines from HHS or class-action lawsuits from your patients. These financial implications could be far more costly than the costs of naming a CISO and having a budget to ensure that your organization is safe from hackers. For example, according to an article published by Healthcare Informatics on July 13, 2018, the cost PER RECORD for healthcare data breaches is $408. This is an increase from $380 last year and the costs will continue to rise.
Optimum Healthcare IT recently published an infographic asking, “Is Your Organization Prepared for a Cyber Attack?” It is imperative that you understand and mitigate your risks when it comes to cybersecurity. The information in this infographic came from a recent IBM Security Trends report. Although RISK WILL NEVER BE ZERO, there are ways to help improve your odds of avoiding a security breach. Strengthening your information security posture from top to bottom is the first step and is imperative for protecting your organization as a whole from malicious attacks.