The healthcare sector is ill-prepared for the new cyberage, according to ABI Research (www.abiresearch.com). Hospitals, clinics, trusts, and insurers are constantly under attack from malicious online agents, says the research group.
The value of personal health information, made more easily available with the convergence to electronic health records, is 10 times that of financial data such as credit card numbers. Medical identity theft and fraud are on the rise, and healthcare providers are struggling to cope, with the past 2 years seeing hundreds of instances of data breaches leaking millions of personal records.
Yet the industry spends very little on cybersecurity, comparatively to other regulated critical industries. ABI Research calculates cybersecurity spending for healthcare protection will only reach US$10 billion globally by 2020, just under 10% of total spend on critical infrastructure security.
Where the financial and defense sectors are just about coping, the healthcare industry is drowning. Care providers and business associates have other priorities: the delivery of care being chief among them, and compliance with regulation another. The pressure is on, however, to reduce the growing costs of healthcare due to a growing number of patients worldwide. Healthcare players now have to not only keep up with data protection requirements, but also find a way to modernize and cut-costs through the adoption of new technologies.
The convergence to digital, the implementation of secure cloud solutions, and the protection of data as it flows through mobile health applications are new security issues the healthcare sector is looking to address. Models can be adapted from the financial services sector and could serve to build solutions for healthcare providers.
“Cybersecurity for healthcare is still a small, fragmented market but the potential opportunities for expansion are large and will continue to grow as healthcare organizations increasingly come under cyberfire,” says ABI Research Digital Security Practice Director Michela Menting.
A few innovative startups such as TrueVault and FireHost are already making waves in this area and building a niche for themselves around HIPAA compliance, Menting adds. Managed services and cloud solutions from companies such as NetFortris and ID Experts also provide secure solutions for those ready to make the third party leap. With the support of growth management firms like Bluewater International, or collaborative industry bodies such as the Medical Identity Fraud Alliance, awareness on the issues of risk management and fraud prevention is growing.