A recent Harvard Business Review article [1] reminds us that the healthcare sector is the most heavily-targeted vertical industry. Read more in our earlier “Top Target” post. In 2016, more than 25% of all data breaches were related to healthcare. “The estimated loss to the industry is $5.6 billion per year. These stats should be a wake-up call for the entire industry.” HBR cites a combination of reasons why cyberattacks continue to plague the healthcare segment.
Financial and other industries have become more sophisticated in detecting and blocking cyberattacks. Criminals are motivated to find new sources of valuable data. The healthcare segment is rich in customer data and according to HBR, has been relatively slow to adopt truly effective security practices.
Uncertainties about changing healthcare laws, thin operating margins and growing costs are squeezing hospital budgets. The good news is that IT security spending appears to be on the upswing. In a recent survey report, 81% of respondents indicated that spending is up, compared to 60% in 2016. Budget priorities fall into three key areas:
Compliance is in the Driver’s Seat
HIPAA/HITECH, EPCS, eCFR, and others make regulatory compliance, at a minimum, cybersecurity table stakes. It’s costly to meet these complex and diverse laws and regulations, but possibly more costly to fall short of them. It’s therefore not surprising that compliance is not just the top security priority; it may also be an organization’s overall security strategy. Yet being compliant isn’t a guarantee of protection against breaches. In fact, there’s an interesting dichotomy where some compliance rules align with increased security while others (e.g., EPR) actually increase risks.
Protect & Prevent – Detect & Respond
We see evidence of increased spending in network security, endpoint protection and mobility. Given the success of cybercriminals in stealing healthcare data or pulling off ransomware attacks, conventional network security tools are not enough. Broadly deployed IoMT applications and devices significantly improve healthcare outcomes. They also have the potential to create wide-open backdoors to the network. Increasing the quality of patient care comes with risks.
Training and Education – Skilled IT and Savvy Employees
Investments in skills are a top priority – IT generalists must become security specialists. Companies across all industry segments are challenged to fill cybersecurity positions. In a Robert Half Technology Survey, 41% of CIOs say that these skills are in great demand within their companies. This is driving more spending in training – from security basics to certifications. IT organizations are investing in their personnel through a wide range of classes, offered by organizations such as the SANS Institute.
Human error is one of the leading causes of security breaches. Training investments go beyond IT and risk organizations. Ongoing education for doctors, nurses and other staff increases overall awareness about security risks and best practices.
Get the Most Bang for Your Buck
Are your security budgets growing? Where are you spending? Most importantly, are you seeing positive outcomes? Great Bay Software enables you to embrace your security goals with confidence. Our Beacon Product Suite is a cost-effective solution with measurable ROI. Learn how we can help you know and trust what’s on your network to identify and mitigate potential threats.