As 2018 winds down to a close, we look back at the state of cybersecurity in the healthcare industry. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires healthcare professionals to ensure that the data of their patients and consumers are kept private and protected. Sadly, data breaches in healthcare organizations have been increasing every year, and 2018 is no exception.
The rising number of data breaches
In 2018, research from the Center for Quantitative Health at Massachusetts General Hospital revealed that since 2010, there have been a total of 2,149 healthcare breaches involving 176.4 million patient records.
Another study published in the Journal of the American Medical Association corroborates the Center’s findings. This latest study puts the number of records breached at around 176 million, or about 344 breaches per year. That’s a 70 percent increase from seven years ago.
While doctors’ offices and healthcare providers were the usual targets of cybercriminals, big health plan companies saw the most number of compromised health records — 110.4 million over a seven-year period. A huge chunk of that belonged to the 2015 breach at Anthem Inc., the largest US health insurance company, with 179 million client records compromised.
The rising cost of data breaches
As the number of data breaches increases, so do the corresponding costs. A 2018 Cost of a Data Breach study by IBM Security and the Ponemon Institute showed that from $380 per record in 2017, the cost of a data breach rose to $408 per record in 2018. That’s nearly three times higher than the average cost per record across all industries. And for eight consecutive years, the healthcare industry incurred the highest cost for data breaches among all other industries.
The rising trend is global. The same 2018 study shows that the global average cost of a data breach has increased 6.4 percent from last year to $3.86 million. When compared to $3.5 million in 2014, that’s almost a 10 percent increase over the past four years. And the average cost for each lost or stolen record, across all industries around the world, also increased by 4.8 percent to $148 per record.
The additional costs from data breaches
The impact of a data breach is not just measured by the number of records compromised or costs in dollars. Other costs that accompany a data breach include:
- Reputational damage – The more massive the data breach, the bigger a public relations nightmare it is for the company. A breach compromises customer trust and devalues the brand name.
- Customer turnover – Unless you say and do something to mitigate the loss of trust, you’ll see customers migrating to competitors.
- Operational costs – Recovery from a breach takes time, effort, and money. It disrupts operations as you plug leaks and put in place better defenses.
- Insurance premium increases – Thanks to several high-profile breaches in health insurance companies, cyber insurance premiums have skyrocketed. After their 2015 data breach, Anthem found their insurance renewal rates to be “prohibitively expensive.”
IBM and Ponemon’s 2018 Cost of a Data Breach also studied the abnormal churn rates (ACR) among 17 different industries. ACR is defined as “the greater than expected loss of customers following a data breach incident.” Not surprisingly, the healthcare industry has the highest ACR at 6.7 percent, compared to the 3.4 percent average among other industries.
The alarming rise of mega-breaches
Mega breaches are those involving more than a million records. In 2013, nine mega-breaches were reported. In just five years, that number has nearly doubled, with 16 mega-breaches in 2017. The average cost of a mega-breach of 1 million records is around $40 million dollars; a breach affecting 50 million records can cost up to $350 million dollars.
Especially alarming is 10 out of 11 of these mega-breaches are not from system or human errors, but from malicious criminal attacks.
And it took a year before these mega breaches were detected and contained — the average time for mega-breach detection was 365 days, comparatively longer than the 266 days on average for smaller-scale breaches.
The need for managed services providers and proactive cybersecurity
As 2018 ends, it’s clear that breaches will continue to be a security concern for all. And if you’re in the healthcare industry, you need to prioritize data security.
That’s why you should partner with a managed services provider (MSP) like Online Computers — our experts have extensive experience providing IT solutions and proactive cybersecurity services to healthcare enterprises like yours, and we’ll help ensure you are always HIPAA-compliant. If your business is in and around Hanover, Morristown, and Madison, make it your New Year’s resolution to give us a call. We’ll make sure you’ll start 2019 safe and sound.
[code-snippet name=”html-newsletter-form”]
Did you like this blog? Here are some similar topics you might be interested in:
[accordions title=”aa”]
[accordion title=”4 Current and Up-and-Coming Trends in Healthcare IT“]
Learn about the latest trends on healthcare technology and how it’s shaping the future of healthcare services. Read more.
[/accordion]
[accordion title=”How to overcome the many technology challenges in healthcare“]
Healthcare consistently faces technological challenges. Here are some tips on how to overcome these challenges. Read more.
[/accordion]
[accordion title=”How electronic health records help improve the quality of patient care“]
Research has shown that use of health records elevate the quality of patient care. Read more.
[/accordion]
[/accordions]