There’s no shortage of statistics on the frequency and cost of cybersecurity attacks in healthcare. So why isn’t everyone up in arms or feeling more of a sense of urgency as hackers get more sophisticated with their methods?
Healthcare providers and health systems have worked diligently to protect data privacy and security during a time of digital transformation in healthcare. The unfortunate reality? Hackers have worked even harder to access that data.
The Value of Data
Data is lucrative. Luckily for attackers, there is an endless supply of it to steal and manipulate with the shift from paper to electronic records, patient portals, telemedicine platforms and patient-generated data from medical devices feeding into the EHR.
In a recent survey we conducted of more than 100 healthcare organizations, only 50 percent believe they have the necessary controls in place to prevent an attack. Moreover, we believe that multifactor authentication is the best cybersecurity approach to protecting data. Yet, just under two-thirds have rolled out multifactor authentication strategies.
Let’s consider some facts1:
- Perception: 58 percent of organizations believe the security of their online patient portal is above average. Reality: healthcare data breaches tripled, impacting more than 15 million patient records last year.
- Perception: 65% of those surveyed said their patient identity management budget won’t change or will decrease this year. Reality: data breaches can cost more than $1.4 million to recover. Isn’t that worthy of more investment?
Every access point into a system presents an opportunity for attackers to take advantage of healthcare data. Additionally, attackers seek patient names, birth dates, policy numbers, diagnosis codes and billing information that they use to create fake IDs, file fraudulent claims, receive medical care under false identities, or sell on the dark web. Sadly, when an attacker strikes, an organization’s valued data suddenly becomes its biggest liability. This puts patients at risk.
Over time, cyberattacks will continue to become more sophisticated, malicious and harder to detect. Therefore, attackers will evolve to overcome barriers and safeguards. This tells me that the time to act needs to be now. It needs to be our priority to stay ahead of the attackers and protect the safety and trust of patients by protecting their data.