A recent survey set out to determine the cost of data breaches in the healthcare industry, how much of the healthcare sector is under attack, and what percentage of the attacks succeed.
Black Book Market Research surveyed 2,876 security experts at 733 companies from Q4 2018 to Q3 2019. Respondents shared their views on cybersecurity so that the survey could identify vulnerabilities and security issues and find out why so many of these cyberattacks succeed.
According to 96% of the IT experts surveyed, cybercriminals are moving faster than medical companies, which is not surprising considering that 93% of healthcare companies said they had experienced a data breach since the third quarter of 2016. The report stated that 57% of companies had experienced more than five data breaches during that period. Over 50 percent of the data breaches that healthcare organizations reported were caused by hacks and attacks by external threat actors.
The healthcare sector is a target because hospitals and insurance companies keep massive amounts of sensitive and important information, and there are usually security vulnerabilities that can be quickly exploited. Because the risk of attack is so high, the industry remains highly prone to data breaches.
These attacks on the healthcare sector carry a considerable cost. According to the report, data breaches at hospitals in 2019 cost $423 for every record. The report forecasts that, based on the present volume of data breaches, the cost to the healthcare industry will reach $4 billion by the end of the year. Given present trends and the yearly growth in healthcare data breaches, that number is very likely to be significantly higher in 2020.
The survey highlighted budget limitations as a major reason why the healthcare sector is vulnerable. Legacy systems and equipment remain extensively used in the healthcare sector, but the cost of updating those systems is hard to justify when the cash does not grow with revenue.
Overall, cybersecurity spending for 2020 is planned to increase to about 6% of total IT funds at hospital systems. Smaller practices, however, have cut their investment in cybersecurity, particularly medical organizations where just 1% of the 2020 IT funds will be spent on cybersecurity. 90% of hospital representatives surveyed stated that their cybersecurity budgets had not changed since 2016.
Cybersecurity solutions are mostly purchased blindly. One-third of surveyed hospital professionals stated they selected cybersecurity solutions without much insight or discernment. 92% of decisions on security products or services since 2016 were made by C-level executives without involving department administrators and consumers in the purchasing decision. Merely 4% of companies stated they had a guiding committee to help assess the effect of cybersecurity funding.
Many healthcare companies are also operating without an accountable security manager. Just 21% said they had a dedicated security officer, and only 6% reported that this individual was the Chief Information Security Officer. At physician groups with over 10 clinicians, only 1.5% said they had a dedicated CISO. This is partly due to a lack of competent staff. 21% of healthcare companies said they had to outsource the work and are using cybersecurity-as-a-service as a temporary solution.