4 April 2016 Security Blog Trisha

Healthcare Cybersecurity: an Everyday Headline

Phishing, data breaches, ransomware, bitcoins—buzzwords that are becoming all too familiar in the headlines and are certainly included in the boardroom discussions of healthcare facilities around the globe. According to the Office of Civil Rights (OCR) under Health and Human Services, in 2015, there were 268 healthcare security breaches that each affected more than 500 individuals, with a combined loss of more than 112 million records. During the past month, at least five healthcare organizations have reported being hit by computer viruses. The frequency with which healthcare cybersecurity breaches occur has caused a shift in urgency among executive teams. Cybersecurity is no longer addressed once a year in the annual review or discussed only within the IT department; it now involves a much broader audience because of the vast impact it can have on a company.
 
Dozens of products and services are offered to mitigate individual pieces of cybersecurity risk. There is everything from anti-phishing software that offers to protect your business from the earliest stages of a phishing attack, to a data-loss prevention solution that detects and prevents the unauthorized transmission of confidential information. Having a single system or even multiple systems in place is just not enough. A security solution requires multiple products, personnel, plans, and vendor involvement, not to mention thousands of dollars. Depending on the source, it is estimated that personal health records are worth 6–20 times the cost of financial information on the black market. The type of highly personal and sensitive information maintained by the healthcare industry is attractive to and holds great value for cyber attackers, potentially enabling identity theft and medical fraud. For these and many other reasons, healthcare cybersecurity is now an issue that is given attention by not only security officers or directors but also the general public because of the risk of the loss of personal health information that could negatively impact each of us as patients.

Government agencies, vendors, and patients alike are taking notice of the increased attention to the cybersecurity landscape and the threats that all of us as healthcare providers and consumers are facing in trying to protect healthcare information. While KLAS has historically been thought of with regard to research and insights about EMRs, lab systems, revenue cycle systems, and other core IT systems within hospitals, we are committed to extending our research and help for healthcare providers into security solutions. At KLAS, I hear regularly from healthcare providers who are seeking solutions to the many obstacles they face in building a secure system. 

Security advisory services, mobile device management, identity and access management, and managed security services are just a few of the areas that we are focusing on, and we are committed to offering transparency about how the vendors and products in those areas are meeting providers’ needs and performing. Cybersecurity in healthcare has a long way to go; the financial industry is markedly ahead of us in protecting crucial information. However, we applaud the healthcare systems, providers, and vendors that are committed to the extensive and ongoing process of securing personal health information and continuing to offer amazing healthcare to the many patients who rely on it. 

These concerns are not going away anytime soon. In fact, they’re increasing. As more and more patients begin utilizing wearable health devices, as mobile health apps increase in number, and as the need to share patient information with patients and other healthcare providers increases, the security of personal health information will become more complex and more necessary. So we’ll continue to see headlines about healthcare cybersecurity, and at KLAS, we’ll continue to research the products and vendors that are assisting healthcare providers in keeping their information safe.
 
Our current research efforts are focused on security advisory services and the firms that provide these services within the healthcare market. Additionally, we are researching the maturity of the market regarding where health systems are in their security journey, their strategies with their core clinical and financial vendors, and the innovative security vendors who are helping them. We welcome the input of healthcare providers regarding how vendors are performing in this space so that we can continue to provide information that will help healthcare providers make decisions in sensitive areas, like security. If you are interested in participating in or finding out more about our security research, please feel free to contact me directly at trisha.alexander@klasresearch.com.