Healthcare Data Security Under the Weather

Unless you’ve been hiding under a rock, you’ve heard all about the fracas that occurred last year, when Anthem—the second largest healthcare insurance provider in the U.S.—suffered the biggest data breach to that date. In the course of this incident, hackers accessed the personal information of approximately 80 million of Anthem’s current and former customers and employees. One year, two class action lawsuits and a boatload of cash later (not to mention other incidents), healthcare players’ level of concern about data breaches still may not be as great as the situation seems to warrant.

Somewhat astonishingly, figures from the Ponemon Institute indicate that a mere 40 percent of healthcare organizations are concerned about cyber-attacks, which the institute pegs as the major cause of data breaches. Fifty-six percent of healthcare organizations believe their incident response and related processes lack not only funding, but resources. As Cletis Earle, vice president and CIO of St. Luke’s Cornwall Hospital in Newburgh, N.Y., noted in a Becker’s Hospital Review report, “As a hospital system, we don’t have a fraction of the resources as the Targets and the Chases of the world, as far as security experts. We are almost like sitting ducks.”

Scary Statistics

But there’s a lot MSPs can say to healthcare prospects that are reluctant to take a more active—and proactive—approach to data security.

According to the Ponemon Institute’s 2015 Cost of Data Breach Study, the average cost of a data breach now stands at $3.8 million, up 23 percent from 2013. The healthcare industry pays the highest price for stolen records, at $363 apiece, and as a whole could be shelling out a whopping $6 billion annually to cover the cost of data breaches. And healthcare players’ data breach expenditures cover a long laundry list of components, including investigation, remediation, notification, identity theft repair/credit monitoring, regulatory fines, interrupted business operations, loss of business, and class action lawsuits.

Want to strike even more fear of data breaches in healthcare players’ hearts—or at least, give them another reason to engage an MSP, hopefully you, to assist them with products and services to address this issue? If it’s a medical practice, hospital or hospital system you’re after, consider citing findings from a survey conducted by software advisory firm Software Advice. Forty-five percent of respondents to the survey described themselves as “moderately concerned” or “very concerned” about security breaches involving personal health information, and 21 percent said they withhold personal information from their physicians for fear of a data breach.

Even more concerning, approximately 54 percent of survey participants said they would switch healthcare providers as a result of a data breach. Of these, 28 percent claimed nothing would convince them to remain with a provider that had experienced a data breach. The only semi-bright spot: 37 percent of survey respondents noted that they would stay with their same provider if the entity could demonstrate that improvements to security policies had been made.

MSPs Are the Cure

What if these statistics, and maybe some other persuasive talk, were enough to send healthcare clients straight to your door? What should you offer in terms of solutions and services? An anti-malware solution tops the list, as web-borne malware attacks are, according to Ponemon, the culprit in the bulk of healthcare organization breaches. Solutions and services aimed at data loss prevention, along with two-factor authentication, patch management, disk encryption, and logging/monitoring round out the roster.

Additionally, MSPs can perform data security assessments and develop, help formulate, or even run ongoing user awareness and training programs, security policies, and security incident response plans and procedures. Many healthcare organizations may also want help devising and implementing information classification systems to regulate access to different types of data.

Healthcare data security is clearly in a sickly state. MSPs can, and should, provide much of the cure.

Author: Ritzer Ross