In recent years, the health industry has shifted to a digital perspective in order to better health care services. While there are many benefits to this shift such as greater accessibility, data driven insights, and a fuller sense of understanding from patients, these modern solutions leave much opportunity for theft and security breaches.
A considerable amount of the digitalization comes from wearable devices, online healthcare systems, electronic health records, and electronic medical records. These online systems contain private information including Social Security numbers, insurance information, health conditions, hospital visits, and even prescriptions.
According to a report from Bitglass, there was a total of 599 total data breaches in 2020. These breaches affected over 26 million people and increased the average cost of a health care breach by 10.5%.
Bitglass reported that 67.3% of all health care breaches in 2020 were due to hacking and IT incidents. Unauthorized disclosure led to 221.5% of breaches, and loss or theft of devices was responsible for 8.7%.
One reason healthcare providers are a large target for theft and data breaches is because they hold massive amounts of data. Not only are large hospitals at risk, but smaller organizations with less cyber security resources as well.
Another main source of security threats are human mistakes. Many health care workers are under pressure with a multitude of patients and data. Basic security measures are often overlooked due to the constant sense of urgency in health care settings.
On average it takes a health care organization 96 days to identify a breach and 236 days to recover from it. In 2020 many major providers including Pittsburgh’s UPMC, and Omaha’s Nebraska Medicine admitted to being affected by breaches.
The past few years have proven that the digitalization of the healthcare industry has led to an increase in theft and data breaches. It has also been realized that it is crucial to be capable of identifying, reacting to, and recovering from these incidents as quickly as possible.
A few examples of ways to combat and prevent these occurrences include hiring or investing in high grade security resources, emphasizing cyber security in staff trainings, and staying up to date on the latest security technology.