According to Grandview Research, the healthcare security market in 2014 is valued at $5.5 billion. That industry investment is predicted to increase at a 9 percent compound annual growth rate through 2022. The reason for this rise is an increased threat of cyber attack, including malware, distributed denial of service, advanced persistent threat, zero day attacks and internal risks from BYOD, cloud access and network issues. A Ponemon Institute study published earlier in 2015 reported that malicious network attacks in healthcare are up 125 percent since 2010.
A Valuable Commodity
The tide of data intrusion has rapidly turned from stolen devices to cyber crimes, chiefly for the reason that healthcare data is financially lucrative. Patient records may be as much as 10 times more profitable to criminals as other types of private information, such as credit card data.
A report by the Healthcare Information and Management Systems Society reveals that in 2015, 66% of organizations experienced a security incident, and hackers were able to compromise more than 100 million patient records using APT style attacks. The report suggests “traditional defensive weapons will “likely will not be successful in helping to defend from the cyber-attacks of tomorrow.” The healthcare industry is rapidly adopting sophisticated tools and measures for intrusion prevention and other advanced cybersecurity capabilities.
Cybersecurity talent and resources are shifting from a focus on HIPAA to comprehensive healthcare security risk management.
There’s a shortage in talent estimated as many as one million unfilled positions. Yet, healthcare is one of the most highly targeted private sector industries, so experienced cyber professionals are necessary and in high demand.
Security professionals need to have expertise in the policy and multiple layers of technology security requirements for exceeding HIPAA compliance.
Security professionals should also be able to perform comprehensive risk assessments that define protective measures as well as appropriately and quickly manage breach response efforts Rationalizing the Healthcare Security Investment
Waiting for a breach to occur before making an investment in network and data security is the most expensive option. A single security breach at a medical center resulted in a $15,000 fine, which even the organizations leaders realized was “modest.” In the case of another healthcare organization, an infraction compromising 600 records resulted in an $850,000 fine. While the HIPAA penalties and media exposure resulting from a data breach can push a company into taking a stronger security position, establishing a security culture before an intrusion occurs will save money, minimize administrative and legal effort, sustain employee productivity and maintain patient satisfaction.
“Data security within the health care industry is becoming a great challenge,” says Matt Rosentrater, Master Cybersecurity Consultant and Tekkis. “There’s an increase in malicious activity and a lack of experienced and affordable resources to address the problem. Tekkis brings, HIPAA compliance, technology and cybersecurity consulting expertise to healthcare organizations serious about reducing their risk.”
For more information about Tekkis and its compliance and cybersecurity solutions for healthcare security, visit www.tekkis.com or call 720-583.2883. Tekkis has the experienced resources you need to fortify your network and strengthen your business.