Data security is an urgent issue for organizations in every sector today, but it is particularly essential for the health care industry. Care providers are frequent targets for hackers and other cybercriminals and, unfortunately, many of these organizations are simply not prepared to ward off the threats they now face.
For any hospital or other health care provider, the first step toward preventing a data breach is understanding the nature and scope of the threats and the state of cybersecurity in the sector. With that in mind, here is a quick overview of some of the most pertinent issues.
The Cost of Breaches
One of the most important recent reports on the topic of health care cybersecurity comes from Accenture and the Ponemon Institute. This study found that care providers will quite possibly miss out on more than $300 billion in lifetime patient revenue as the result of breaches in the next five years. Specifically, this lost revenue will be the result of patients choosing to change health care organizations if their medical records are stolen or lost from their current care providers. What’s more, the report found that health care providers that experienced data breaches last year lost $113 million in lifetime patient revenue on average per incident.
There’s good reason why patients are so likely to abandon their current health care provider if that organization fails to keep its data safe from cybercriminals. The report found that two-thirds of those individuals who are the victims of medical identity theft will end up paying approximately $13,500 in out-of-pocket expenses relating to such incidents. With such a high price tag, it’s no wonder that patients will immediately lose their trust in the organization they view as responsible for failing to protect their sensitive data.
And this is an increasingly common issue. The Accenture and Ponemon Institute report estimated that about one out of every 13 patients will see their medical records and other sensitive information stolen at some point between 2015 and 2019. This shows how widespread the problem is, and how important it is for health care providers to embrace strategies that will help protect themselves and their clients from the growing, evolving threats that are emerging, all while continuing to increase their use of electronic medical records (EMRs) and other digital tools.
Given all of this, it’s imperative for health care providers to deploy preventative measures as soon as possible. One of the most important steps toward improving cybersecurity is to first recognize the organization’s current capabilities in this area and how well prepared it is to handle likely threat scenarios.
Keith Tyson and David Houlding, contributing to the Dell Power More blog, highlighted the three most common breach risk scenarios for health care providers: lost or stolen mobile devices, inadvertent insiders and remote cybercriminal attacks. Each of these is a serious and unique danger, and every health care organization should have policies and resources in place to minimize the risks they present. Any health care provider that does not have a comprehensive strategy in place will be far more likely to experience an incident.
As Tyson and Houlding pointed out, a big part of achieving cybersecurity in all of these areas is a focus on the end-users.
“Because many breaches originate with end users, whether well-intentioned, accidental or malicious, be particularly attuned to these risks,” the authors wrote. “User security awareness training is a key part of improving security, critical to establishing a culture of security.”
They added that it would be a mistake for health care decision-makers to assume that establishing strong policies and best practices will be enough to limit the risk of user-created breaches. It’s unfortunately inevitable that employees will often circumvent rules and guidelines if these policies create significant hurdles that slow down their efficiency or productivity. For doctors and others, patient care will always be the priority, which means that data security can fall by the wayside.
To avoid this, health care organizations need to develop systems and strategies that have cybersecurity built in whenever possible. This reduces the risk of employee oversight causing a data breach or creating an opening for opportunistic hackers.