Lack of Cybersecurity in the Healthcare Industry


According to a Q4 Black Book survey on healthcare organizations, “92 percent of the C-suite officers surveyed state that cybersecurity and the threat of data breach are still not major talking points with their board of directors.”

In addition, the same research survey finds that the total cost of a data breach for healthcare organizations is estimated to be around $2.2 million spread over a period of two years.

The Cybersecurity Cultural Barrier

There is a cultural gap in the healthcare industry, but it is not unique to healthcare. Because the financial benefits of cybersecurity investment are difficult to communicate, that investment is often pushed aside for more easily justifiable spending.

In some cases, healthcare organizations simply cannot afford cybersecurity spending. In other cases, the cybersecurity threat is not understood.

What Makes Healthcare Organizations Particularly Vulnerable 

Unlike in other industries, patient information in healthcare cannot simply be locked away in a digital vault of sorts. Instead, the information must be made highly available within the organization, because treating patients is impossible without it.

In addition to data, there are the risks held within connected medical devices—a risk that is not yet fully understood or exploited. The life-threatening manipulation of these devices by cybercriminals has yet to be seen. However, the vulnerabilities are there (especially in older, legacy medical equipment), and it will prove to be useful to have a real cybersecurity expert in your organization if it ever comes to that.

The Need to Reduce Human Error

When we talk about data breaches and malware, we can't avoid the discussion of human error. If you infect your computer by downloading and running an attachment from a malicious email, that is human error.

According to a study by the Ponemon Institute, 36 percent of healthcare organizations and 55 percent of business associates named unintentional employee action as a breach cause.

As in any other industry, teaching and training employees to handle data and user information more carefully is a major component of cybersecurity. We're hoping that more and more healthcare organizations will see the value in improved cybersecurity awareness as time goes on, and adopt policies that push this value forward.
