The consensus among IT professionals is that healthcare facilities and companies have largely underinvested in cybersecurity. Part of the issue could be connected to the dramatic shift in how the industry stores its data. Back in the 90s, the vast majority of health records were on paper. Hospitals and other healthcare institutions switched to a more digital format in a few short years, and have since struggled to keep up with the growth of digital security.
Another part of the issue behind the underinvestment in healthcare cybersecurity is how little of the industry's IT budgets is allocated to this kind of protection. While other industries like finance and the federal government reserve over 12 percent of their IT budgets for cybersecurity, healthcare averages roughly half of that figure. The cost of breaches in the healthcare industry averages $355 per stolen record. The average cost of a healthcare breach is estimated to be around $2.2 million, on top of severe damage to the reputation of the affected company or institution.
Taking all these factors into consideration, it’s worth noting how creative and elaborate hackers have become with their infiltration methods, along with the number and types of cybercriminals that now exist. Twenty years ago, the average healthcare network mainly faced cyber threats from individuals like students trying to breach its systems. In 2017, these threats have broadened considerably, and now include state-sponsored cyberterrorists and organized crime, along with individual and group hacktivism.
Despite the skyrocketing demand for cybersecurity personnel, recruiting them is not easy. This is one of the major reasons why the average Chief Information Officer (CIO) tends to be bombarded with stressors ranging from the security end to the regulatory end of the job. Compared to healthcare, there’s also a lot more money for IT and cybersecurity specialists in other industries. The average advertised pay for these positions in the cybersecurity industry is 25 percent lower than in a field like finance, which diminishes the appeal of working for a hospital or healthcare provider.
It’s also worth mentioning the additional stress that comes not only from being on your toes every minute to ensure the protection of digital records, but also from knowing that people’s lives hang in the balance. With a growing amount of hospital equipment, such as respirators, monitors, and EKG machines, now relying on wireless connectivity to perform basic functions, there is a very dire picture of what could happen if a worst-case cyberattack overtook a healthcare institution’s systems, something that has already happened throughout the world on more than one occasion.
Although the cost of employing cybersecurity specialists remains high, it’s better than leaving a healthcare institution openly exposed to this kind of breach. Healthcare CIOs are ideally familiar with complex medical devices and comfortable with software and complicated regulations, but they also need to educate hospital staff and keep them informed on the latest threats. One effective method is to run mock cyberattacks or phishing exercises coupled with educational campaigns, which is becoming a common occurrence in healthcare workplaces nowadays.