A new report has emerged claiming that data breaches targeting the healthcare sector are expected to triple in 2021, signaling the importance of information security measures for a sector that deals with significant amounts of protected health information.
The report comes from researchers at Black Book Market Research, who published their “2020 State of Healthcare Cybersecurity Industry” report detailing the potential for data breaches in the healthcare sector to triple in 2021.
Key among the headlines of the report is that IT sectors of healthcare providers are significantly underfunded, and as a result, unprepared for a significant data breach or cyber attack. The report also says that customers are more than willing to change providers if they feel their data is safer with a competitor.
According to the numbers, more than three-quarters of healthcare providers said they believed they were unprepared to deal with a major cyber incident, while 96% felt as though hackers were more advanced than their systems were.
The Healthcare Cybersecurity report says that the healthcare industry is expected to spend $134 billion on cybersecurity measures over a five-year period between 2021 and 2026, $18 billion of which will be invested next year. The authors of the report believe this is not enough to keep pace with data breaches in the healthcare sector, which are expected to triple in 2021.
It’s expected that spending will increase by around 20% each year to address the risk of data breaches and cyber attacks launched by third parties looking to access protected health information (PHI) for their criminal and fraudulent activities.
The report’s lead author writes that “outdated IT systems, fewer cyber security protocols, untrained IT staff on evolving security skills, and data-rich patient files are making healthcare the current target of hacker attacks,” adding that the “willingness of hospitals and physician practices to pay high ransoms to regain their data quickly motivates hackers to focus on patient records.”
Health information is of particular value to cyber criminals due to the intimate nature and sheer volume of data that can be obtained if a healthcare provider’s network were to be compromised.
Other key findings of the report indicate that there is a significant talent shortage in the cybersecurity field, which is expected to be compounded by the fact that healthcare providers are in need of IT professionals more than ever before. The report says that it takes 70% more time to fill a cybersecurity position in the healthcare industry than in others, which is causing headaches for the sector.
The authors of the report state that the COVID-19 pandemic has increased the risk of data breaches as employees continue to work on a remote basis, via cloud platforms that present a potential avenue for exploitation by cyber criminals to launch either a ransomware attack or implant malware.
To make things worse, while investment in cybersecurity is indeed increasing in the healthcare sector, the report’s authors believe it is insufficient. 82% of the Chief Information Security Officers who took part in the survey reported that investments in cybersecurity were not being allocated effectively, and were often made by the executive team without a gap analysis assessment or consultation with IT specialists.
Money was, according to the report, allocated to IT budgets “often only after breaches.”
This is in addition to the fact that customers have indicated they are prepared to change healthcare providers if they believe their medical records would be more secure with a competitor.
The report states that “medical and financial leaders have wielded more influence over organisational budgets and made it more difficult for IT management to implement needed cybersecurity practices despite the existing environment, but now consumers are beginning to react negatively to the provider’s lack of protection solutions.”
Brian Locastro, Black Book Research’s lead researcher and author of the 2020 State of the Healthcare Cybersecurity Industry report, says that “the talent shortage for cybersecurity experts with healthcare expertise is nearing a very perilous position.”
“Despite the rising threat, the vast majority of hospitals and physicians are unprepared to handle cybersecurity threats, even though they pose a major public health problem,” Locastro continued to explain. “In today’s highly competitive cybersecurity market there isn’t enough talent to staff hospitals and health systems.”
“As provider organisations struggle to recruit, hire and retain in house staff, the plausible choice is retaining an experienced advisory firm that is capable of identifying and remediating hidden security vulnerabilities, which appeals to the strategic and economic sense of boards and CEOs.”
Locastro says that a number of healthcare providers struggle to grasp the potential for danger due to the “lack of reliable historical data,” adding that “cybersecurity is a newer line item for hospitals and physician enterprises and budgets have not evolved to cover the true scope of human capital and technology requirements yet.”
“Threats are now four times more likely to be centered on healthcare than any other industry, and ransomware attacks are increasing in popularity because of the amount of privileged information the hacker can obtain… providers at the point-of-care haven’t kept pace with the cybersecurity progress and the tools that manufacturers, IT software vendors and the FDA have made either,” Locastro concluded.
In reference to the number of patients willing to leave their current provider if they believed their health data was not secure, responses from 3,500 customers say that 93% would leave their provider if patient privacy was compromised “in an attack that could have been prevented.”