Report: Providers Need to Ready their Defenses Against Cyber Threats
One in 13 patients (or 25 million patients) can expect to have their personal and financial information illegally accessed through their healthcare provider’s IT systems over the next five years, a new report from Accenture predicts.
Of those affected by such breaches, Accenture expects that 25 percent will also be the victim of medical identity theft, according to the new report, “The $300 Billion Attack: The Revenue Risk and Human Impact of Healthcare Provider Cyber Security Inaction.”
The report states that providers who do not make cybersecurity a priority “will put $305 billion of cumulative lifetime patient revenue at risk over the next five years.” The report also explores the human impact of healthcare data breaches, noting that unlike credit card theft, which can limit what the victim pays to $50, victims of medical identity don’t have the same level of protection. The report cites Ponemon Institute data that finds that 65 percent of medical identity theft victims pay out-of-pocket costs at an average of $13,500 per victim.
The report also proposed five actions that providers can take to develop effective cybersecurity measures.
- Assess current practices and look for opportunities to improve. Determine the volume of resources required for meaningful transformation.
- Establish an end-to-end enterprise security program and integrate it with existing security architecture.
- Become more agile by embracing cloud technologies.
- Adapt to new threats by developing threat-centered operations by becoming familiar with the tactics used by potential attackers.
- Create a delivery and operational strategy for security services offered, evaluate internal competencies for building and deploying a cybersecurity program.
“Active defense requires a risk-based approach to cyber security management, using analytics to detect events and threats, as well as enabling a far swifter response to incidents,” the authors of the report wrote.
Click here to read the full report.