According to the Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data, roughly 90 percent of healthcare organizations experienced a data breach in the last two years with the average breach costing $2.2 million in damages. Even more astonishing, while nearly 50 percent of those surveyed claimed cyber-attacks as the root cause of data breaches, most healthcare budgets for cybersecurity have either dropped or stayed the same. “One hypothesis we have, and I think the data supports us over the last six years, is that there are more and more attacks from external sources,” said Larry Ponemon, chairman and co-founder of the Ponemon Institute.
Additionally, over the last 24 months, experts estimate that data breaches costed the healthcare industry around $6.2 billion. While most of these breaches are not monumental – fewer than 500 records – stolen medical records can be the most damaging to an individual and are the most sought after on the black market. Yet, despite these frightening statistics, the healthcare industry continues to trail other sectors when it comes to cybersecurity and data-protection. Not only should healthcare organizations increase their budget for cybersecurity, Rick Kam, president and co-founder of ID Experts, explains that these organizations lack cybersecurity staff and talent as some 20,000 vacant cybersecurity positions exist in the industry. Unfortunately, while IT experts and the C-suite both agree that this is a rising problem that deserves increased attention, few seem to be addressing the problem with action.