A recent survey of more than 1,100 senior security executives worldwide found that 76 percent of global healthcare organizations and 81 percent of U.S. healthcare organizations plan to increase information security spending in 2017.
At the same time, the 2017 Thales Data Threat Report, Healthcare Edition also found that 60 percent of U.S. healthcare respondents are deploying to cloud, big data, and IoT or container environments without adequate data security controls.
Fully 90 percent of U.S. healthcare organizations feel vulnerable to data threats.
In the U.S., 57 percent of respondents say compliance requirements serve as the top impetus for data security decision making, while globally, the leading motivations are preventing data breaches (39 percent) and protecting reputation and brand (39 percent).
Sixty-five percent of U.S. healthcare respondents and 58 percent of global healthcare respondents encrypt data in the public cloud. Similarly, 59 percent of U.S. healthcare respondents encrypt IoT data, and 58 percent of global healthcare respondents encrypt IoT data.
"For healthcare data to remain safe from cyber exploitation, encryption strategies need to move beyond laptops and desktops to reflect a world of Internet-connected heart-rate monitors, implantable defibrillators and insulin pumps," Thales e-Security vice president of strategy Peter Galvin said in a statement. "Adhering to the security status quo will create vulnerabilities that lead to breaches, and further erode customer trust."
According to Redspin's Breach Report 2016: Protected Health Information, 2016 saw a 320 percent increase in the number of healthcare providers victimized by hackers, and 2016 also marked the first time a U.S. hospital fell victim to ransomware.
"Healthcare providers have become the primary targets of malicious hackers, and their attacks are becoming increasingly sophisticated and disruptive to operations," Dan Berger, vice president at CynergisTek, said in a statement (Redspin is now part of the CynergisTek portfolio).
"The dramatic increase in hacking attacks in 2016, coupled with the large number of patient records copmromised in those incidents, points to a pressing need for providers to take a much more proactive and comprehensive approach to protecting their information assets in 2017 and beyond," Berger added.
Separately, a recent HyTrust survey of 51 healthcare and biotech organizations found that 63 percent of healthcare organizations are currently using the public cloud, 25 percent of those using the public cloud do not encrypt their data, and 63 percent say they intend to use multiple cloud vendors.
Still, 82 percent of healthcare organizations believe security is their top concern.
And a recent Accenture survey found that 26 percent of U.S. consumers have had their personal medical information stolen from technology systems.
Fifty percent of those who experienced a breach were victims of medical identity theft and had to pay an average of $2,500 in out-of-pocket costs per incident.
"Health systems need to recognize that many patients will suffer personal financial loss from cyber attacks of their medical information," Reza Chapman, managing director of cyber security in Accenture's health practice, said in a statement. "Not only do health organizations need to stay vigilant in safeguarding personal information, they need to build a foundation of digital trust with patients to help weather the storm of a breach.
Half of those who experienced a breach found out about it themselves by discovering an error on their credit card statement or benefits explanation. Just 33 percent were alerted to the breach by the organization where it occurred.
In response to a healthcare breach, 25 percent of respondents changed healthcare providers, 21 percent changed insurance plans, and 19 percent sought legal counsel.
Still, 88 percent of respondents still trust their healthcare provider to keep their healthcare data secure, far more than the 56 percent who trust the government to do so.
Photo courtesy of Shutterstock.