At the end of 2019, Black Book Market Research surveyed 2,876 security professionals from 733 healthcare provider organizations to determine trends in security breaches in healthcare. The data indicated that healthcare is the most targeted sector in the U.S. economy, with 4 out of 5 breaches occurring in the healthcare sector. Since 2015, 300 million healthcare records have been stolen, affecting 1 in 10 healthcare consumers. In the last three years, 93% of healthcare organizations have been breached; of the breached organizations, 57% have experienced more than 5 breaches. The reasons behind the security breaches in healthcare are discussed below.
Why are Security Breaches in Healthcare Occurring So Frequently?
There are several reasons why security breaches in healthcare are continuing to grow. However, the main cause is outdated security solutions.
The study found that 96% of professionals believe that hackers are outpacing healthcare security. Hackers have become more advanced over time, often collaborating to find vulnerabilities in healthcare organizations’ security tools. It was found that 56% of providers still rely heavily on equipment utilizing outdated Microsoft 7 Operating Systems (OSes). Budget constraints make it difficult for many providers to upgrade their medical devices to current OSes, leaving their organizations vulnerable to hacks. Outdated OSes are no longer supported with security patches, making it impossible for the devices they run on to be secure. Security patches fix known vulnerabilities in OSes; without patches, hackers can exploit these vulnerabilities to access systems.
The issue is exacerbated by the lack of budgeting for IT security; 90% of surveyed professionals stated that their IT security budgets have remained the same since 2016. The budgets of providers and physician groups are the worst offenders, with less than 1% of their IT security budgets dedicated to cybersecurity in 2020. Large health systems and hospitals are not much better, with 6% of their IT security budgets dedicated to cybersecurity.
It seems that although security breaches in healthcare are growing, the healthcare sector is failing to address the root cause behind the breaches: a lack of budget dedicated to updating outdated systems and implementing more robust cybersecurity tools.
Another reason security breaches in healthcare occur is the failure to evaluate cybersecurity tools before they are implemented, and the failure to assess their success rates once they’ve been deployed. Between 2016 and 2018, ⅓ of hospital executives purchased cybersecurity tools without first researching them. Additionally, only 4% of organizations had a steering committee to assess whether or not their tools were effective.