The price of violation in healthcare is very high per patient, which doesn't include company loss, productivity, and reputation, but has made cybersecurity the number one threat to the healthcare industry.
FREMONT, CA: Cyberattacks affect the financial department of every hospital and insurer like anything else. There is an enormous investment in the healthcare industry annually. The healthcare industry is engaged in a significant amount of safety breaches.
The Department of Health and Human Services Office of Civil Rights (OCR) has penalties beyond the price of finding a solution to solve breaches and resolving any civil complaints. OCR released a total of $28 million in 10 resolutions in 2018. The HHS Office of Civil Rights is stepping up breach enforcement of private health information.
There is no perfect cybersecurity measure. It's not perfection but the reasonable efforts that are going to require an investment up-front to see where data is located, and educating the workforce on phishing incidents. Hospital finance professionals who rely more on contractors to manage and analyze the income cycle should also take note of the safety problems engaged in sharing this data.
Every business sector has attacked, but because of the nature of its data, healthcare is witnessing the most significant development in cyberattacks, and it is not easily fixed.
Impact on the Healthcare Industry
Due to the number of breaches, the healthcare industry was behind other industries in taking safety steps. Cybersecurity accounts for 4 to 7 percent of the IT expenditure of a health system, compared to around 15% for different sectors such as the financial sector. Hospitals are behind because first, being in electronic form is a challenge to keep up with moving towards more data.
There is no hospital that has no data on mobile EHR. Then this shift took place with free incentives to go to electronic medical records. Without much experience engaged in doing it, there were vast paths to do that. With this massive uptick in cyber attacks, the push to become electronic started to happen.
Besides, patient care has always been the focus of healthcare. The explosion in population health also includes data sharing. And consolidation across the healthcare industry may render covered organizations more susceptible to safety lapses during the stages of transformation and inclusion.
The number one way to reduce expenses is to avoid infringement. Hospitals must be able to define it as quickly as possible after one has occurred and then be able to react to it. It's a continual software update and control fight. Thousands of times a day, criminals ping systems. It's like locking up windows and doors. A risk assessment is the first thing that is required for big and small devices. This is what the OCR intends to see for the first time. To do the work, many hospitals use an external supplier.
Prices for other cybersecurity measures differ from buying software that might be in the millions to tracking vendors. But the cost of a breach of healthcare is about $408 per patient record, and that does not include business loss, productivity, reputation, and disruption of service. Also, hospitals can buy cyber insurance, which varies in cost and coverage. Some get it for class action lawsuits purposes.
The Larger Trend
OCR enforcement activities during 2018 demonstrate the ongoing focus of the agency on implementing security risk assessment violations and risk management regulations. Covered entities and company partners are needed to: perform a comprehensive business-wide evaluation of threats and vulnerabilities; enforce steps to decrease known threats and vulnerabilities to a reasonable and suitable level, and guarantee that any seller or other organization that accesses or stores personal health information is consistent with safety.