mans hand writing on avatar filled screen Health system budgets aren't expansive enough to replacevulnerable legacy systems, and allotments for cybersecurity areactually being cut. (Photo: Shutterstock)

|

The health care sector is notorious for the high cost of its services, but it couldprobably save itself a lot of money if it could manage to plug allthe leaks in its cybersecurity.

|

According to Health IT Security, hackers are dancing ringsaround providers and their efforts at security technology—to thetune of some $4 billion by the end of this year. That's thisyear—just 12 months.

|

The report cites Black Book findings that providers in thehealth care sector are the most targeted—the cost per patientrecord, by the way, amounts to an estimated $423 per breach—andsome 96 percent of the security professionals surveyed say thatthreat actors are running roughshod over health careorganizations.

|

Related: Health care data breaches highlight limits ofHIPAA's vendor oversight

|

Indeed, the security pros said that 53 percent of successfulhacks were perpetrated by outsiders getting in. And 93 percent ofhealth care organizations were hit by a data breach in the lastthree years—57 percent being hit more than five times during thatperiod.

|

And it's not getting any better, counterintuitive though thatmight seem. According to the Black Book report "Not only has thenumber of attacks increased; more than 300 million records havebeen stolen since 2015, affecting about one in every 10 health careconsumers."

|

Report authors added, "The dramatic rise in successful attacksby both criminal and nation-state-backed hackers illustrates howattractive and vulnerable these healthcare enterprises are toexploitation. Despite these wake-up calls, the provider sectorremains exceedingly susceptible to ongoing breaches."

|

One problem standing in the way of improvement? Budgets thataren't expansive enough to replace legacy systems—yet despite thishealth care organizations sink about $1.4 million into recoveryfrom cyberattacks. Oh, and budgetary allotments for cybersecurityare actually being cut. In fact, less than 1 percent of IT budgetsis earmarked for 2020 resources.

|

The scary thing is that so many of these legacy systems arereally old, with 56 percent of providers still relying on Windows 7operating systems (we're on Windows 10 now, if you're curious). Anddon't forget that medical devices are also operating on outdatedsystems—and providers have a tough time grasping the concept orexecution of software patches.

|

"It's becoming increasingly difficult for hospitals to find thedollars to invest in an area that does not produce revenue," saidDoug Brown, founder of Black Book. "The situation did not improvein 2019 and [the] dilemma with cybersecurity budgeting andforecasting is the lack of reliable historical data."

|

Hospitals and doctors are behind the times when it comes tounderstanding how and where to fit cybersecurity expenses intotheir budgets—never mind the scope of the need, he explained.

|

Read more: 

Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.

  • Critical BenefitsPRO information including cutting edge post-reform success strategies, access to educational webcasts and videos, resources from industry leaders, and informative Newsletters.
  • Exclusive discounts on ALM, BenefitsPRO magazine and BenefitsPRO.com events
  • Access to other award-winning ALM websites including ThinkAdvisor.com and Law.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Marlene Satter

Marlene Y. Satter has worked in and written about the financial industry for decades.