Consider the stakes raised for cybersecurity
One in 13 patients (or 25 million patients) is expected to have their personal and financial information illegally accessed through their healthcare provider’s IT systems over the next five years, according to a report from Accenture.
Of those affected by such breaches, Accenture expects that 25 percent also will be the victim of medical identity theft, according to the new report, “The $300 Billion Attack: The Revenue Risk and Human Impact of Healthcare Provider Cyber Security Inaction.”
That puts a heavy burden on providers--Accenture says those that do not make cybersecurity a priority “will put $305 billion of cumulative lifetime patient revenue at risk over the next five years.” The firm also estimates that each provider organization lost an average of $113 million of lifetime patient revenue for every data breach it suffered in 2014.
"Moving to active defense strategies can improve cyber security effectiveness by an average of 53 percent over two years," the report reads. "This is increasingly important as recent events have shown that a provider’s cybersecurity insurance may not be able to be claimed without adequate security standards and controls in place.
"Active defense requires a risk-based approach to cyber security management, using analytics to detect events and threats, as well as enabling a far swifter response to incidents. In this era of digital health, ehealth and healthcare consumerism, this shift must be a priority for C-level healthcare executives, rather than the sole responsibility of the information or technology function, with strategic planning to identify and then close potential vulnerabilities."
Accenture suggests the following five actions providers can take to develop effective cybersecurity measures:
- Assess current practices and look for opportunities to improve. Determine the volume of resources required for meaningful transformation.
- Establish an end-to-end enterprise security program and integrate it with existing security architecture.
- Become more agile by embracing cloud technologies.
- Adapt to new threats by developing threat-centered operations by becoming familiar with the tactics used by potential attackers.
- Create a delivery and operational strategy for security services offered, evaluate internal competencies for building and deploying a cybersecurity program.
Click here to read the full report.
Editor
Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.