As I reported recently, last year was an extremely difficult one healthcare security. More than 700 healthcare organizations reported a breach of 500 or more patient records to the HHS Office for Civil Rights, more than double the number of such attacks reported five years.
Why are things this bad? Well, clearly the pandemic has been a factor, as it has drained healthcare organizations of the resources they would ordinarily have to maintain secure operations. Then there’s the reality that healthcare data continues to be among the more attractive types of data you can steal, given that among other things it’s rich in data types that can be resold.
But perhaps the most striking reason healthcare organizations remain so vulnerable is that they just aren’t spending what they should spend to keep things locked down. According to a new survey, only 22% of healthcare IT managers are confident that their organizations have budgeted enough funds to protect their systems.
The study, which was conducted by Black Book Research, collected survey responses from 2,980 security and IT professionals from 877 provider organizations.
Eighty-six percent of IT professionals agreed that cyberattackers are getting ahead of medical organizations, though 64% of respondents said they believe their connected medical devices were secure with current software updates. Eighty percent of respondents reported that their organization has an acting CISO.
Ninety-six percent of CIOs and CISOs in companies performing at margins supporting long-term viability (over 5%) said they were successfully maintaining cybersecurity programs. These providers plan capital expenditures on tools such as cybersecurity analytics, network security, open-source solutions, threat intelligence, and cloud security this year.
That being said, 21% of chief information officers with negative 2020 operating margins said there had been slow or no progress toward putting a proactive cybersecurity technology infrastructure in place to support long-term efforts.
One big expense providers are grappling with is the cost of insuring against cybersecurity breaches, with spending on cyber liability policies expanding six-fold in 2021. It’s hardly surprising that policies have gotten so much more expensive, given that 60% of CIO respondents reported that their organization had to submit a cyberinsurance claim since 2019.
Unfortunately, cyberinsurance can’t do much to help providers with one of the major forms of damage created by breaches – loss of consumer trust. Black Book Research has concluded that this year, consumers will be significantly influenced by how much they trust how well their personal medical data is protected when selecting a provider.
Not only that, 91% of patients aged 23 to 34, 96% of patients aged 35 to 44 and 87% of patients aged 45 to 54 said they would no longer be loyal to their current health system or physician if a major breach or ransomware episode affected them when IT solutions to protect their privacy weren’t used properly.
With any luck, 2021 will prove to have been the high-water mark for healthcare data breaches for quite some time. However, we’re not likely to see big drops unless providers put more money into their defenses.
The truth is, though, that healthcare organizations have underfunded cybersecurity for ages despite the massive security exposure that always hangs over the industry. Let’s hope providers can dig deeper this year and bring on the help and technology they need.
