Can healthcare protect itself from cybercriminals?


With the recent onslaught of cyberattacks on various healthcare systems, it’s becoming evident that healthcare systems as a whole are doing a poor job of protecting their patients’ data. According to a recent survey by consulting firm Accenture, cyberattacks will cost healthcare organizations $305 billion over the next five years.

32% of acute care facilities (hospitals) and 52% of non-acute care facilities (outpatient clinics and physician offices) are not encrypting their data in transit. 61% of acute care facilities and 48% of non-acute providers are encrypting data at rest. The fact that there are still healthcare systems out there not encrypting data at rest and in transit is disturbing.

According to the Brookings Institution, one out of four data breaches this year will be from the healthcare industry. With such disturbing facts, the question becomes: why is this happening to the healthcare industry?

Healthcare information is extremely valuable! The FBI estimates that healthcare information is worth 20 times more than your credit card numbers. Unlike your credit card numbers and money, which are FDIC-backed, your healthcare information has little protection. A person’s healthcare information contains their name, payment information, social security number, date of birth, and much more. This type of information can be used by criminals to commit identity and insurance fraud, or worse.

Health IT security is seriously lacking. I attended a HIMSS seminar not too long ago; in one of the seminars there was a panel of CISOs (Chief Information Security Officers) from various hospitals. A disturbing fact emerged from this talk. Compared to the financial industry, which spends on average about 30% of its IT budget on cybersecurity, healthcare only spends about 5% of its IT budget on cybersecurity. A possible reason for this is that most health systems are more concerned about regulatory compliance and interoperability of varying IT systems, so cybersecurity takes a backseat. Considering the number of vulnerable exposures a typical healthcare facility has and the value of health information, healthcare must put more emphasis on protecting itself from cyberattacks.

People are a weak point in healthcare IT security. Recent ransomware attacks on health systems have highlighted a huge weak point in health IT security: people. Ransomware is delivered through phishing, where a hacker embeds the malware inside a legitimate-looking email or link. Once an employee inadvertently clicks on the link, your entire system is held hostage until the ransom is paid. Many healthcare IT professionals have indicated that they are too understaffed and under-budgeted to properly defend against such attacks. However, training your employees on how to properly identify and react to a cyberattack can go a long way toward preventing one.

Healthcare is entering uncharted waters as it transitions to a digital world. Having healthcare information readily accessible helps make healthcare delivery more efficient. However, protecting that information against sophisticated cybercriminals must take greater precedence. Fortunately, healthcare systems and government policies are beginning to take form to help combat this threat. Hopefully the pattern continues to trend along a positive path.

About Paubox: Paubox is a provider of seamless and secure HIPAA compliant email encryption.


About the author

Phuong Tran

Phuong Tran is a Carnegie Mellon University-Heinz College graduate with a degree in healthcare policy and management. In his spare time he enjoys discovering new restaurants and playing basketball.
