by Tom Caswell
Cyber-attacks on healthcare organizations will continue to make the news as the proliferation of healthcare data accelerates and unauthorized access attempts increase. The inherent “risks” associated with healthcare data were clearly outlined by the Bitglass Healthcare Breach Report 2016: 2015 was a record year for healthcare data incidents.
- 1 in 3 Americans were impacted by healthcare data breaches in 2015
- 111 million individuals’ data was lost due to hacking or IT incidents in the U.S. alone
- 98 percent of record leaks were large-scale breaches targeting healthcare
Why is healthcare vulnerable to more system and data attacks? Modern healthcare produces an enormous amount of data, and indiscriminate data gathering produces a “big data healthcare paradox”: managing, presenting and securing data for use in the clinical setting. Gathering data from thousands of EHR access points, capturing it 24/7/365, and involving multiple onshore and offshore vendors add variables and vulnerability. It is not surprising that healthcare IT departments will accelerate cyber security spend in 2016.
The risks of indiscriminate data collecting are enormous. As reported by PwC, hospitals face a staggering hit to their bottom line if a breach occurs. “Nearly 40 percent of consumers would abandon or hesitate using a health organization if it is hacked. More than 50 percent of consumers would avoid, or be wary of using, a connected medical device if a data breach was reported.”
As the economic risks rise, healthcare organizations need to task internal stakeholders and vendors to partner on data gathering objectives, verification of data transfers and limiting data capture/transfer to reduce risk. Moving beyond contracted cyber risk management programs to regular reporting and limiting access to PHI identifiers will markedly mitigate risk.
Choosing vendors must also move toward a cost/risk assessment model to determine the true cost of a vendor’s services: firms with 100% U.S.-based employees may offer better value when cyber risks are factored in.
About the author: Tom Caswell explores the impact of emerging technologies on the end user and healthcare. You can reach Tom Caswell at firstname.lastname@example.org