Cyber security and healthcare patient data: almost 50% of companies have had a HIPAA-related security breach in the past two years.
As more and more data and data processing go online, cyber security is becoming increasingly important to healthcare companies.
As noted by Michael Ebert (KPMG Cyber-Security Services), “healthcare is only now in the beginning phases of becoming one of the most data-intensive industries imaginable, which makes it one of the most susceptible to cyber-risks”.
Patient data is important and needs to be kept safe. Beyond reduced customer and patient trust, the financial penalties for failure can be severe. A recent survey by KPMG concluded that “The value of digital assets across healthcare is skyrocketing—as are the risks and costs of regulatory non-compliance, reputational damage, and related cyber and privacy breaches”. These comments were based on a survey of 200 companies that revealed the following key points:
- 47% of healthcare firms have had a HIPAA-related security violation or breach in the past two years.
- 52% are relying upon cyber insurance to protect their organizations in the event of a cyber-attack.
- 43% of respondents to KPMG’s survey have not increased cyber-security budgets despite recent high-profile breaches.
Digital healthcare data has many benefits, but it is important to understand the risks and responsibilities associated with it.
Further reading:
- European Union Agency for Cybersecurity: ENISA
- Recommendations published in June 2017 by the Health Care Industry Cybersecurity (HCIC) Task Force
- FDA proposal to U.S. Congress in October 2017 for a working group to increase the security and resilience of Internet of Medical Things devices: Internet of Medical Things Resilience Partnership Act of 2017.
- The Royal Academy of Engineering (RAE) published a report called Cyber Safety and Resilience in March 2018.
- Addressing the cybersecurity of medical devices as a patient safety concern (FDA Medical Device Safety Action Plan released in April 2018)
- Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients released by U.S. Department of Health and Human Services in January 2019.