Cybercrime is no joke, but many organizations still don't take data protection seriously. Unfortunately, recent reports suggest that health care firms are among those businesses and associations that fail to properly invest in strong data security.
According to CNBC - which cited Forrester data - hospitals, practices and insurers spend approximately 14 percent of their IT allocations on cybersecurity, which is way below the average of just over 20 percent. Forrester analyst Stephanie Balaouras told the source that these health care providers and insurance companies simply set out to achieve compliance with the Health Insurance Portability and Accountability Act, and once they have security standards aligned with those industry requirements, their cybersecurity jobs are wrongfully assumed to be complete.
"When it comes to preparedness, [health care organizations are] woefully behind and that, to me, is the most concerning thing," said Balaouras, as reported by CNBC. "They've done it begrudgingly and they've done it as something that they need to comply with at the lowest possible cost, as opposed to something they really embrace."
"The health care industry is one of the biggest targets for cybercriminals."
Putting a price on private information
The lack of sufficient investment is bad news to say the least, as the health care industry is one of the biggest targets for cybercriminals. Simply put, health care data and other personally identifiable information contained within medical records is worth a lot to hackers, and they will stop at nothing to infiltrate networks and exfiltrate that data. In fact, Martin Walter, senior director at RedSeal, told NetworkWorld that health care-related information is sold for 10 times more than payment card data.
Citing a report from PwC, NetworkWorld noted that fullz and kitz - collections of personal information, the former containing all credentials and data and the latter comprising accompanying documents such as a driver's license - are sometimes sold for over $1,000 on the darknet. Meanwhile, CNBC reported that an electronic health care record alone is worth $50 on average. Clearly, the market for stolen information is ripe for health-related data.
The solution to health care cybersecurity
The Forrester study cited by CNBC recommended that organizations affiliated with health care should encrypt sensitive information. Sometimes called end-to-end encryption, cryptographically obfuscating personal records in all their forms - in storage or in email - was absolutely necessary a few years ago, let alone in 2015.
Data-centric cybersecurity solutions such as CloudMask are perfect for the health care industry, as they not only ensure HIPAA compliance, but go beyond those standards, allowing professionals, insurers and doctors to encrypt data, regardless of its state. That said, security budgets don't necessarily need to grow, as long as the tools and systems being leveraged can prevent data breaches.
With CloudMask, only your authorized parties can decrypt and see your data. Not hackers with your valid password, Not Cloud Providers, Not Government Agencies, and Not even CloudMask can see your protected data. Twenty-six government cybersecurity agencies around the world back these claims.
Watch our video and demo at www.vimeo.com/cloudmask
