Today’s threats against healthcare institutions are becoming more in-depth and more damaging than ever, forcing IT’s hand to develop (and invest in) a more robust security strategy. As a result, the global healthcare cybersecurity market is expected to reach nearly $11 billion by the turn of the decade.
There are a number of different reasons why the market, which was valued at $5.5 billion in 2014, is poised for substantial growth through 2020. Some of the more impactful factors fueling growth include:
Let’s take a closer look at each of these points.
In 2015, more than 113 million medical records were breached. To put this in perspective, if each case were a single individual, about a third of America’s population would have fallen victim. Further, as recently as this summer, we’ve seen a single cybercriminal advertise more than 600,000 healthcare patient records for sale on the dark web. The records included the victims’ full names, social security numbers, birthdates, and more, which could be used for fraudulent activities.
Cybercriminals understand that many hospitals, doctors, and insurers are simply not prepared to counter today’s sheer volume and sophistication of attacks, such as MEDJACK, social engineering, and ransomware. As more healthcare institutions move their data online to provide more efficient and effective patient care, cybercriminals will likely continue to eye the industry as their number one target. For many healthcare organizations, it’s not if they’ll be hacked, but rather when.
Each time a digital advancement is made within the healthcare industry, there’s a new opportunity for cybercriminals to sneak their way in. Today’s organizations face a number of threats as the attack surface widens with new technological innovations designed to streamline care. Utilizing cloud services for data storage, employees connecting to unsecured networks while on the go, the bring your own device (BYOD) phenomenon, and devices with sensitive data that can be physically stolen (such as laptops and tablets) are just a few of the now-common digital practices that have made healthcare more vulnerable.
In addition, the expanded adoption of the Internet of Medical Things (IoMT) throughout the industry adds yet another complication to the security puzzle. Connected devices, ranging from insulin pumps to wireless pacemakers to infusion devices, are forcing healthcare institutions to invest in technology (like internal segmentation firewalls) that can protect and “containerize” these devices from inside the network. Instituting connected devices such as these without multi-layered security measures in place can literally have fatal consequences.
The fact that healthcare institutions are some of the most frequently targeted organizations across all industries should come as no surprise, as healthcare data is some of the most valuable to those looking to make a profit on the dark web. Stolen credit cards on the dark web may go for a dollar, two, or three. Social security numbers on their own may go for somewhere around $15. However, complete healthcare records are gold mines, reportedly going for as much as $60 each.
While stolen credit card information can be quickly remedied via cancellation, healthcare records have boundless shelf lives. If put in the wrong hands, the information from healthcare records can be fraudulently used to obtain and pay for treatments, prescriptions, or even costly surgeries. The bottom line is, healthcare institutions are being forced to invest in data security solutions so they can protect themselves, their patients, and their employees against the wave of cybercriminals that are digging for dark web gold.
Whether intentional or not, attacks by cybercriminals always cause disruption and impose financial hardships. In fact, the average cost of a data breach for healthcare organizations climbed from $3.79 million to $4 million in 2016 alone. After a breach, organizations typically look to hire additional security personnel, provide ongoing credit monitoring for affected patients, implement employee training around threat awareness, develop a business continuity strategy, and implement new security systems, all of which combined can represent a pretty penny in both capital expenses and ongoing operating costs.
Additionally, HIPAA fines can be levied on organizations that allow such a breach to occur, not to mention class action lawsuits and attorney fees. However, all of this pales in comparison to the detrimental effects of losing a patient as a result of a breach.
While this list doesn’t represent all of the reasons why the healthcare security market is booming, we believe these are some of the most impactful elements.