IT enables increased productivity in every industry, including healthcare. As more processes become digitalized, organizations are more prone to security breaches than ever. As patients entrust organizations with their sensitive data, it is the organization’s responsibility to protect the data from either internal or external threats. While the industry has been suffering from many breaches over the past years, it doesn’t seem that there is much progress.
According to the 2018 HIMSS Cybersecurity Survey, 42% of the interviewed organizations spent less than 6% of their IT budget on cybersecurity. Regarding security staff, 51% of the interviewees in ISACA’s State of Cybersecurity Report 2018 took from 3 to 6 months to fill a security position.
Protenus reported that there were 5.579 million patient records breached in 2017. In the first two quarters of 2018, the figure already reached 4.27 million (1.13m in Q1 and 3.14m in Q2). Let’s assume that a breached record costs $300 in ransom, lost reputation with customers, regulatory fines, etc. (which is lower than IBM’s estimated figure of $380). In 2018 so far, the healthcare industry’s breaches have cost more than $1.2 billion.
The cybersecurity threat to industries, especially heavily regulated ones such as healthcare, is already high. It will be even higher as organizations look to IoT for innovation and enhanced customer experiences. IoT will lead to many touchpoints through which threats can penetrate a system.
I hope that organizations will pay more attention to security and devote more resources to it in order to protect patients’ sensitive data. After all, it is in their interest. In addition to ransom, regulatory fines and damaged reputation, it costs 6 times more to get a new customer than to retain one.