Cyberattacks in the healthcare industry show no signs of abating. In 2018, digital criminals breached 15 million healthcare records. Alarmingly, in the first half of 2019 alone, 32 million healthcare records were compromised as a result of multiple security incidents. Among those was the American Medical Collection Agency (AMCA) breach, an event which affected 24 million patient records when an unauthorized user accessed systems that contained sensitive information. The breach ultimately led AMCA to file for bankruptcy, and it affected over 20 AMCA customers like Quest and LabCorp.

Despite the growth in cyberattacks in the healthcare industry, healthcare organizations continue to underinvest in cybersecurity. Compared to other industries like the financial industry, which invests 15% of revenue on cybersecurity initiatives, the healthcare industry invests only 4-7% of revenue.

Healthcare organizations under-invest in cybersecurity, even though the industry incurs the highest per capita cost of a breach. According to the IBM 2019 Cost of a Data Breach Report, the average cost per breached record in healthcare is $429. Although the financial industry has the second-highest average cost per breached record at $210 per breached record, healthcare incurs more than double the cost than finance.

HITRUST Tripwire Partner to Help Healthcare Organizations Mature their Cybersecurity practices

To mitigate breaches to confidential patient information, HIPAA was instituted to ensure the confidentiality, integrity and availability of protected health information, so it came with attendant fines for non-compliance. To improve their cybersecurity posture and avoid fines, many healthcare organizations have taken steps to ensure that they comply with HIPAA and that they pass the HIPAA audits.

Recognizing the need to improve their security posture, many mature healthcare organizations have adopted industry-standard frameworks like NIST and CIS. Also, many healthcare organizations recognize their need to achieve compliance with other regulatory standards like PCI and SOX. Yet the spate of breaches in healthcare demonstrates that achieving compliance (Read more...)