Health care data security breaches are increasing at an alarming rate, affecting nearly one in three Americans. Cyberattacks are lucrative for hackers — health care data has 50 times the value of credit card information on the black market ($50 versus $1).1 In addition to the financial repercussions, which can reach as high as $1.5 million a year for repeat violations, cyberattacks can damage an organization’s reputation.
Compared to financial institutions, health care organizations are not generally equipped to identify and stop data security breaches.2 Now more than ever, it’s important for health plans to identify gaps in security controls and monitoring processes to deter such threats.
Establishing an effective security strategy
Stolen laptops, misplaced hard drives, phishing and social engineering present opportunities for security breaches. Newer technologies expose flaws in data storage and sharing. Also, it may not be immediately apparent when a breach occurs — it can take up to 200 days to discover a breach and determine the extent of its impact on the health plan and its members.
Many IT executives and senior leaders acknowledge that increased investments in their organizations’ information risk, compliance and security programs are a priority for this year and the immediate future. To develop a more mature security position, health plans need to:
1. Identify risks and mitigation strategies for the evolving threat.
2. Design, develop and implement security architecture and standards.
3. Manage security functions with real-time threat monitoring, risk management and operations.
In our video, “OnTrend™: Cyber security,” we take a closer look at the impact of data breaches and approaches to improving security.
1. Bitglass Healthcare Breach Report. 2014.
2. Bitglass Healthcare Breach Report. 2014.