The health care sector has been among the most actively pursuant of new technologies, with firms deploying a wealth of novel solutions to reduce errors, drive the success of patient care and improve efficiency across the board. Electronic medical record systems, mobility, cloud computing and myriad other tools and solutions have become commonplace in this industry, while many organizations are already beginning to see better performance across a variety of categories.
Now, while there is no denying that these solutions can have a dramatically positive impact on the average health care provider and are becoming increasingly necessary to compete in the sector, the cyber security concerns are significant. Some analysts and experts have gone so far as to say that the retail sector's data breach woes do not come close to the risk that is apparent in health care, and these assertions have several bases in reality.
For one, patient information is among the most sensitive types of data out there, as medical identity theft comes with the same financial risks as standard account takeovers, but can also lead to complications when seeking a doctor's attention. Additionally, the health care sector has been a bit more speedy in its deployments of untested technology, and it is not clear whether decision-makers are fully up-to-speed on the demands of cyber security in these matters.
Regardless of what industry a company might be competing in, following the ways in which health care leaders are approaching cyber security advancement can be helpful.
Threat level midnight
International Data Corporation's Health Insights division recently released its Business Strategy: Thwarting Cyber Threats and Attacks Against Healthcare Organizations report that revealed some of the key trends in risk management among medical firms. For one, the most common root cause of breach that was reported to the U.S. Department of Health and Human Services was a compromised mobile device - a threat that virtually all organizations face today.
Because so many firms have already deployed enterprise mobility strategies, including BYOD, yet not nearly as many have deployed an adequate policy to govern these devices and software, the problem is intensifying significantly. Lost or stolen devices that are not secured can quickly give a malicious threat access to data and systems that contain sensitive information, leading to significant breaches in health care, financial services and beyond.
According to IDC, a quarter of breaches have come with some form of disruption to general operations in health care, with some causing problems that last up to 24 hours. Considering how much loss can accrue from even a short disruption in IT operations, this is a financial risk that must be mitigated a bit more proactively in the future to avoid the fallout of more significant issues like a lack of trust among clientele.
"For health care organizations, it's not a matter of if they are going to be attacked but when," IDC Health Insights Research Vice President Lynne Dunbrack affirmed. "Health care cyber security strategies need to take a comprehensive approach and include not only react and defend capabilities, but also predict and prevent capabilities to effectively thwart cybercriminals."
Thankfully, the analysts discovered that health care providers have listed enhanced cyber security as a top priority going into the new year.
The rub
At the end of the day, few threats can compare to data breaches in terms of imminence and financial risk, as the average event already costs in the millions of dollars and that figure continues to rise. There are few industries today that do not have to worry about data loss and theft - if any - and it is time for organizations to recognize the importance of comprehensive, proactive and intelligent approaches to cyber security.
In many ways, some of the most effective fortifications to take the sting out of data breaches have been commoditized, such as monitoring solutions, firewalls and general information security. The trick is to understand the specific vulnerabilities and threats that the business faces - whichever industry it might compete within - then take a structured approach to mitigating those risks through the use of proven methodologies, reliable services and technological support from trusted providers.