Healthcare cyber security lags well behind where other industries now stand. In fact, the two industries that are the most outdated on their cyber security in the United States are healthcare facilities and colleges/universities. One can imagine that this would be extremely perilous and damaging, as healthcare facilities hold confidential information regarding their patients. When this information is hacked, it is very dangerous and alarming for both the healthcare facilities and the patients of those facilities.

A Study by KPMG Puts Forth Numbers on Healthcare Industry’s Security Outpoints

One organization, KPMG, studied cyber security and published its findings in a report titled “The Healthy Approach to Cyber Security.” Some of the findings revealed shocking and appalling deficiencies in healthcare cyber security. What is truly concerning is that many of these problems are actually becoming worse each year, not better. For example:

  • The study found that in 2017, about forty-seven percent of healthcare providers in this country said they had had instances of cyber security-related HIPAA violations, cyber attacks, threats, or thefts that compromised confidential data.  
  • This number of forty-seven percent is compared with a thirty-seven percent number in KPMG’s 2015 survey. Essentially, the problem grew by ten percent in just two years.
  • One would think that as the threat rises, efforts to address it would also rise. Not so. Despite the rising threats to confidential information held by healthcare facilities, KPMG’s survey also found that addressing, increasing, and maintaining cyber security as a “board agenda item” has declined over the past two years.
  • Averaged across the multiple facilities studied, KPMG found that about seventy-nine percent of facilities increased their efforts to address cyber security in 2017, whereas eighty-seven percent of facilities increased their efforts in 2015.
  • From the above combined, we can see that a twelve percent decline in efforts to address cyber security in two years resulted in a ten percent increase in attacks and successful thefts in that same two-year period.
  • To top it all off, KPMG found that healthcare facilities are unwilling to invest as much money in cyber security now as they were two years ago. The volatile environment should create more investment, but rather it has created much less. From the same study by KPMG, it was found that only sixty-six percent of facilities made additional investments in cyber security in 2017 whereas eighty-eight percent made significant investments in 2015.

The Big Misunderstanding

What we have here is a situation where a significant amount of effort was taken to address cyber security between 2013 and 2015. However, from 2015 to 2017, the investment suddenly declined quite significantly, and the increase in attacks over the last two years has paralleled that decrease.

The big misunderstanding is that healthcare facilities cannot simply invest 110% in cyber security one time, or even consistently over the course of a few years, and then stop or pull back the investment. Rather, they must continue to invest in cyber security over and over again, lest they create great risk to their patients. In a time as volatile and concerning as this, where a cybercrime is more likely to occur than a physical crime, hospitals, urgent care facilities, private practices, family practices, VA centers, behavioral healthcare centers, and any other healthcare facility need to increase and enhance their efforts in cyber security. At Medstaff, we are dedicated to the security of the physicians we work with. Call today at (800)-476-3275 for more information.