The healthcare sector is not prepared for the new cyberage. Hospitals, clinics, and insure companies are under attack from malicious online agents.
The value of personal health information, made more easily available with the convergence to electronic health records, is ten times that of financial data such as credit card numbers.
Medical identity theft and fraud are on the rise, and healthcare providers are struggling to cope, with the past 2 years seeing hundreds of instances of data breaches leaking millions of personal records. And yet the industry spends very little on cybersecurity, comparatively to other regulated critical industries. ABI Research calculates cybersecurity spending for healthcare protection will only reach US$10 billion globally by 2020, just under 10% of total spend on critical infrastructure security essentials. Where the financial and defense sectors are just about coping, the healthcare industry is drowning. Care providers and business associates have other priorities: the delivery of care being chief among them, and compliance with regulation another.
The pressure is on, however, to reduce the growing costs of healthcare due to a growing number of patients all over the world. Healthcare players now have to not only keep up with data protection requirements, but also find a way to modernize and cut-costs through the adoption of new technologies.
The convergence to digital, the implementation of secure cloud solutions, and the protection of data as it flows through mobile health applications are new security issues the healthcare sector is looking to address. Models can be adapted from the financial services sector and could serve to build solutions for healthcare providers. “Cybersecurity for healthcare is still a small, fragmented market but the potential opportunities for expansion are large and will continue to grow as healthcare organizations increasingly come under cyberfire,” says Michela Menting, ABI Research Digital Security Practice Director.
A few innovative startups such as TrueVault and FireHost are already making waves in this area and building a niche for themselves around HIPAA compliance. Managed services and cloud solutions from companies such as NetFortris and ID Experts also provide secure solutions for those ready to make the third party leap. With the support of growth management firms like Bluewater International, or collaborative industry bodies such as the Medical Identity Fraud Alliance, awareness on the issues of risk management and fraud prevention is growing.