Security concerns are on the rise, especially in healthcare with system violations occuring at an alarming rate. A recent report put out by research firm Gartner estimates the world will spend over 124 billion dollars on information security in 2019. That’s 12.4 percent over last year. A certain amount of that will go to protect healthcare IT systems.
Escalating Data Breaches in Healthcare
The number of cyber-attacks on healthcare has risen consistently year after year. In 2009, there were less than 50 attacks overall. By 2013, that number was up to over 300. In 2017, there were 477 breaches of healthcare data, compromising more than five million patient records. This August, Legacy Health began notifying more than 38,000 patients of a breach that put their data at risk.
Healthcare tops the list of at-risk industries for cyber-attacks in front of:
- Financial Services
PwC Health Research Institute theorizes each breach costs around 200 dollars per patient record. Then to secure those same records? Just eight dollars per patient. Put simply, the expense of improving cybersecurity and patient privacy practices is small compared to that of a breach.
Surprising Healthcare IT Security Statistics
Despite the increase in attacks, to date, many healthcare operations fail to make the right changes to combat it. Black Book’s annual healthcare cybersecurity survey offers some surprising statistics:
- One-third of hospitals buy cybersecurity products without doing much research on them. Ninety-two percent of these products or services did not include end users or areas often affected by data breaches.
- Only 4 percent of healthcare organizations establish a committee to study cybersecurity budgeting.
- As of 2017, 84 percent of hospitals did not have an IT security executive.
- Twenty-one percent outsource their IT security instead of having dedicated in-house cybersecurity professionals.
- Sixty-one percent of healthcare businesses do not have specified security objectives, and 83 percent do not conduct drills to establish an incident response.
- Fifty-seven percent of IT managers report they do not know why cybersecurity solutions are available to them.
- Thirty-two percent of hospitals fail to scan for vulnerabilities before an attack.
- Twenty-nine of the survey respondents state they don’t have ways to instantly discover an attack.
It seems almost as if cybersecurity remains on the backburner despite the apparent need, but that is likely to change in the coming years.
Healthcare IT Security Budget
With over 90 percent of healthcare organizations experiencing some level of cyber assault and many seeing multiple attacks each year, the need for increased security is clear, but what is it going to cost?
The current estimate is that globally the healthcare cyber security market will reach anywhere from 11 to 65 billion dollars by the year 2022. The U.S. is a prime target for these attacks, so it is expected to spend more than most countries.
The security upgrades will focus on many possible threats including:
- Advanced Persistent Threats
- Lost or Stolen Devices
Significant buyers for cybersecurity include:
- Pharmaceutical companies
- Medical Device manufacturers
- Health insurance providers
- Independent Urgent Care Centers and private practices
The increase in global security budgets indicates a much-needed shift regarding cybersecurity and data safety in all industries, including healthcare IT.