Health sector will take a $4 billion hit from data breaches in 2019

The cost per patient record amounts to an estimated $423 per breach.

The health care sector is notorious for the high cost of its services, but it could probably save itself a lot of money if it could manage to plug all the leaks in its cybersecurity.

According to Health IT Security, hackers are dancing rings around providers and their efforts at security technology—to the tune of some $4 billion by the end of this year. That’s this year—just 12 months.

The report cites Black Book findings that providers in the health care sector are the most targeted—the cost per patient record, by the way, amounts to an estimated $423 per breach—and some 96 percent of the security professionals surveyed say that threat actors are running roughshod over health care organizations.

Indeed, the security pros said that 53 percent of successful hacks were perpetrated by outsiders getting in. And 93 percent of health care organizations were hit by a data breach in the last three years—57 percent being hit more than five times during that period.

And it’s not getting any better, counterintuitive though that might seem. According to the Black Book report “Not only has the number of attacks increased; more than 300 million records have been stolen since 2015, affecting about one in every 10 health care consumers.”

Report authors added, “The dramatic rise in successful attacks by both criminal and nation-state-backed hackers illustrates how attractive and vulnerable these healthcare enterprises are to exploitation. Despite these wake-up calls, the provider sector remains exceedingly susceptible to ongoing breaches.”

One problem standing in the way of improvement? Budgets that aren’t expansive enough to replace legacy systems—yet despite this, health care organizations sink about $1.4 million into recovery from cyberattacks. Oh, and budgetary allotments for cybersecurity are actually being cut. In fact, less than 1 percent of IT budgets is earmarked for 2020 resources.

The scary thing is that so many of these legacy systems are really old, with 56 percent of providers still relying on Windows 7 operating systems (we’re on Windows 10 now, if you’re curious). And don’t forget that medical devices are also operating on outdated systems—and providers have a tough time grasping the concept or execution of software patches.

“It’s becoming increasingly difficult for hospitals to find the dollars to invest in an area that does not produce revenue,” said Doug Brown, founder of Black Book. “The situation did not improve in 2019 and [the] dilemma with cybersecurity budgeting and forecasting is the lack of reliable historical data.”

Hospitals and doctors are behind the times when it comes to understanding how and where to fit cybersecurity expenses into their budgets—never mind the scope of the need, he explained.
