Why healthcare cybersecurity spending will exceed $65B over the next 5 years

Hospitals and healthcare providers remain under cyber attack, causing organizations to spend more to protect their systems and patient data.


April 13 — Protenus reported that in March there were 39 healthcare data breaches that affected more than 1.5 million patient records, more than the two previous months combined.

April 13 — The Metro Community Provider Network in Denver agreed to pay $400,000 to settle a case against it by the U.S. Department of Health and Human Services Office for Civil Rights stemming from a data breach at the organization in 2011.

April 7 — Personal health information of 918,000 people is at risk after a backup database belonging to HealthNow Networks, a Florida telemarketer, was posted without access controls to the internet.

April 3 — The online edition of JAMA Internal Medicine published a study finding that larger hospitals and those with a major teaching mission are more likely to suffer a data breach than smaller hospitals without a teaching mission.

March 22 — Urology Austin in Texas announced a ransomware attack on its computer network potentially exposed patient information for 279,663 people.

March 7 — Brand New Day, a Medicare-approved health plan in California, notified 14,005 patients their electronic personal health information is at risk from a data breach at a third-party provider.

March 3 — Emory Healthcare in Atlanta reported a database containing appointment information for about 80,000 patients was deleted by an intruder who demanded a ransom to restore it.

Feb. 22 — Meridian Health Services of Indiana announced W-2 tax information of some 1,200 current and former employees has been compromised by a phishing scam.

Feb. 21 — The Louisiana Department of Insurance said personal information of an estimated 8,000 former members of the failed Louisiana Health Cooperative is at risk after a data breach at the co-op’s reinsurance broker.

Feb. 20 — Accenture released a survey that found more than one in four (26 percent) Americans have had their personal medical information stolen from a technology system and that half those victims suffered medical identity theft, which cost them on average $2,500 in out-of-pocket expenses.

Feb. 20 — Nursing home chain American Senior Communities in Indiana said W-2 tax information of more than 17,000 employees was compromised in a phishing scam.

Feb. 17 — Memorial Health Care systems, an operator of six hospitals in South Florida, agreed to pay the U.S. Department of Health and Human Services $5.5 million to settle a case involving the theft of patient information by two employees.

Feb. 16 — Memorial Health Care System in Florida paid $5.5 million to settle potential violations of federal privacy and security rules after reporting the personal health information of 115,143 people was impermissibly accessed by its employees and impermissibly disclosed to affiliated physician office staff.

Feb. 15 — Horizon Healthcare Services of New Jersey agreed to pay the state $1.1 million to settle a case involving the theft of two laptops that allegedly compromised the personal information of 690,000 policyholders.

Feb. 1 — The U.S. Department of Health and Human Services announced Children’s Medical Center of Dallas agreed to pay a $3.2 million civil money penalty for impermissible disclosure of unsecured electronic protected health information and non-compliance over many years with federal security standards.

Jan. 20 — Ohio State Veterinary Medical Center in Dublin, Ohio, alerted 4,611 clients that their personal data is at risk due to a data breach caused by a malware infection.

Jan. 18 — CoPilot Provider Support Services, a healthcare provider in Hyde Park, New York, announced personal information of some 220,000 people is at risk after one of its databases was accessed by an unauthorized third party.

Jan. 17 — Sentara, a healthcare provider servicing Virginia and North Carolina, said personal information of 5,454 patients is at risk due to a data breach at a third-party vendor.

Jan. 17 — Children’s Hospital of Los Angeles warned 3,600 patients their personal data is at risk due to the theft of an unencrypted laptop in October.

Jan. 13 — Protenus reported fewer patient records were stolen in healthcare data breaches in 2016 (27.3 million) than 2015 (113 million), but there were more data breaches in 2016 (450) compared to 2015 (253).

Jan. 13 — The Delaware Department of Insurance announced the personal information of 19,000 members of Highmark Blue Cross Blue Shield of Delaware is at risk following a data breach at two of the healthcare provider’s subcontractors.

Jan. 13 — Three Pennsylvania Superior Court judges upheld a lower court ruling that healthcare provider UPMC, which suffered a data breach in which personal information of 62,000 employees was stolen, is not under any obligation to keep its employees’ data safe.

Jan. 9 — Presence Health in Illinois agreed to pay $475,000 to settle a case with the U.S. Department of Health and Human Services over the untimely reporting of a breach of protected health information.

Jan. 6 — The California Department of Insurance found that a data breach that compromised 78.8 million consumer records at health insurer Anthem was performed on behalf of a foreign government.

Unfortunately, this list barely scratches the surface. But it does help explain the uptick in healthcare cybersecurity spending. Anyone still not convinced should read the 2017 Healthcare Cybersecurity Report.

To see more detail on the datelines above, along with hyperlinks to the sources, go to the Breach Diary (updated quarterly).

Visit SteveOnCyber.com to read all of my blogs and articles covering cybersecurity.

Follow me on Twitter @CybersecuritySF, or connect with me on LinkedIn. Send story tips, feedback and suggestions to me here.

Copyright © 2018 IDG Communications, Inc.
