Healthcare breach costs hit an all-time high in 2021.
IBM Security has published its annual Cost of a Data Breach Report, and along with it comes troubling news for the Healthcare industry. Breach costs have now risen to their highest recorded levels since cost-tracking began 17 years ago: almost $10m on average for a single Healthcare data breach. This is, unfortunately, par for the course, as a key finding in the report lists Healthcare as having had the highest industry cost of a breach for 11 consecutive years.
The COVID-19 Pandemic has added fuel to the fire, with more and more healthcare workers going remote without the proper technical safeguards in place to support remote work. According to IBM, data breach costs were $1 million higher when remote work was a factor in the breach. In 2020 alone, nearly 20% of all breaches that occurred cited remote work as a factor in the breach.
Remote work increases vulnerabilities
This sudden shift to remote work has placed large operational burdens on legacy infrastructure and forced many organizations to quickly adopt new cloud-based technologies and tools. Not all of these tools are secure, however, and any vendor that handles PHI needs to be thoroughly assessed to ensure HIPAA compliance. Some of these tools could even be nefariously accessing your data without your knowledge.
These insecure tools are now the 4th highest cause of a breach, with an average cost of $4.33 million when vulnerabilities in third-party software are to blame. The problem is exacerbated when mobile devices and BYOD (bring your own device) policies are involved, because many third-party vendors do not employ the proper technical safeguards to keep PHI access on these devices secure and restricted.
The new normal in Healthcare
As the Healthcare industry rapidly modernizes in the face of COVID-19, telehealth and cloud-based workflow tools are becoming the new normal. Among these are mobile document scanning apps.
Odds are your organization is actively using or looking to use some form of mobile document scanning application. These applications allow your remote staff to instantly capture and send documents to the back office in real time, reducing the time it takes for vital information to flow into the patient chart. There are many good options available, but many of these apps are not HIPAA-compliant. This means that the use of these applications is putting your organization at risk of the 4th most common cause of a breach, third-party software vulnerabilities, which could result in a loss of $4.33 million to your organization.
How to mitigate your chance of a breach
The problem is no longer just about bringing Healthcare into the digital age; it's about doing so while safeguarding patient records at a time when more than a third of Healthcare organizations are affected by Ransomware.
One of the key security recommendations in the 2021 IBM Security report is to "Protect sensitive data in cloud environments using policy and encryption". As part of your due diligence and security assessment, you should ensure any vendor handling PHI does at least the following:
It is clear that in the post-COVID-19 era Healthcare organizations are embracing modern technologies more than ever. However, attacks are also growing in size and sophistication on a daily basis, and Healthcare organizations need to act now for the best chance of preventing a breach.