Banner

Article

Healthcare and pharma cyber security rated worst in S&P 500

Healthcare and pharmaceutical companies have the worst cyber security among the S&P 500, and could suffer from wide-scale security breaches in 2014 similar to those experienced by retail companies such as Target and Neiman Marcus, according to a recent report.

Healthcare and pharmaceutical companies have the worst cyber security among Standard & Poor’s (S&P) 500, and could suffer from large-scale security breaches in 2014 similar to those experienced by retail companies such as Target and Neiman Marcus, according to a recent report.

BitSight Technologies, a securities ratings company, examined the cyber health of companies on the S&P 500, and found that 82% had been victims of some sort of security breach. Healthcare and pharmaceutical companies ranked the lowest among the four industry categories studied, because of its high volume of incidents and slow response times.

The finance industry ranked best in cyber security, followed closely by the utilities industry. The retail industry, which was rated with a poor performance, came in third. The finance industry has made cyber security a priority and a part of business operations, which led to it outperforming other sectors, according to the study.

“Financial institutions spend more on cyber security than their peers in other industries, and the largest ones tend to go well beyond the measures mandated by government and industry groups,” say the study’s authors. “Many of them share information on emerging industry level threats with their peers in the FS-Information Sharing and Analysis Center, an industry forum.”

When a security event occurs, healthcare and pharmaceutical companies take more than five days, on average, to resolve the situation, while finance companies take less than four days, on average, according to the study. These factors make the healthcare and pharmaceutical industries most vulnerable to large data breaches in 2014.

“Unlike the financial institutions and electric utilities in the S&P 500, the healthcare and pharmaceutical companies do not view cyber security as a strategic business issue,” the study’s authors said. “They do not spend enough resources to protect their data, in part because cyber security has not received the executive level attention it deserves.”

The study’s authors questioned whether the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) is enough to protect healthcare data, because the majority of security breaches occur from stolen or lost devices such as laptops and servers. 

“In general, this sector tends to spend only the resources required to be compliant with regulations such as HIPAA, and compliance does not equate to security. More prescriptive controls and better enforcement of HIPAA would certainly help improve security in the healthcare sector, along with a greater emphasis on security throughout these businesses,” say the study’s authors.

Related Videos
Jay W. Lee, MD, MPH, FAAFP headshot | © American Association of Family Practitioners
Dermasensor
Related Content
© Studio Romantic - stock.adobe.com
November 22nd 2024

Are telehealth visits for pediatric primary care associated with higher rates of health care utilization?

Ep 40: Malpractice caps and nuclear verdicts with Bob White, the Doctors Company
September 20th 2024

Ep 40: Malpractice caps and nuclear verdicts with Bob White, the Doctors Company

© fizkes - stock.adobe.com
November 21st 2024

70% of Americans want primary care providers to address mental health

Ep 34: U.S. Rep. Earl L. 'Buddy' Carter on physicians getting involved in policy
June 28th 2024

Ep 34: U.S. Rep. Earl L. 'Buddy' Carter on physicians getting involved in policy

© Barclay Damon LLP
November 21st 2024

Physician discipline in the new age of telehealth

© shevchukandrey - stock.adobe.com
November 20th 2024

USPSTF releases the 14th Annual Report to Congress on High-Priority Evidence Gaps for Clinical Preventive Services