Banner

Article

Healthcare, Pharma Lag in Cybersecurity Effectiveness

Author(s):

Laura Joszt

Although recent high-profile data breaches have been in the retail sector, healthcare and pharmaceutical companies have even worse cybersecurity practices.

While high-profile data breaches at companies like Neiman Marcus and Target gained attention in the last 6 months, the healthcare industry is at even larger risk.

According to a new analysis by BitSight Technologies, health industry groups in the S&P 500 have worse security practices than companies in the finance, utilities, and retail sectors. Both the healthcare and pharmaceutical sectors had a high volume of security incidents and slow response times from April 2013 through March 2014.

“Based on our analysis, it is clear that organizations that treat cyber security as a strategic issue perform better than those that view it as a tactical one,” Stephen Boyer, BitSight co-founder and chief technology officer, said in a statement. “This partially explains the superior Security Ratings of financial institutions and electric utilities in the S&P 500 compared to retailers and healthcare companies.”

BitSight Security Ratings range from 250 to 900—higher ratings equal higher security performance. The average rating in the healthcare and pharmaceuticals industry was 660, just below retail’s 685 and far below utilities’ 751 and finances’ 765.

The healthcare and pharmaceutical sectors had the largest percent increase in the number of security incidents during the April 2013 to March 2014 time period, according to the report. Furthermore, the average event lasted 5.3 days, which is longer than any other industry.

“In our recent assessment of medical devices used in clinics and hospital around the country, weak encryption, lack of key management, poor authentication and authorization protocols, and insecure communications were all common findings,” Chandu Ketkar, technical manager at Cigital, said in a statement. “These gaps in security can lead to a compromise in data confidentiality and integrity. When sensitive data is compromised, it can not only create risks for patients, but also expose health care providers and device manufacturers to regulatory and business risks.”

Data breaches in the healthcare industry are taken very seriously, particularly in the wake of the new HIPAA Omnibus Rule. For instance, WellPoint was penalized $1.7 million for inadequate protection of members’ information. Penalties are tallied on a per person, per day basis.

Related Videos
Victor J. Dzau, MD, gives expert advice
Victor J. Dzau, MD, gives expert advice
Related Content
© CW Advisors LLC
October 9th 2024

3 cornerstones young physicians need for a strong financial foundation

VIDEO: The Costs of EHR
April 15th 2015

VIDEO: The Costs of EHR

healthy diet concept: © aamulya - stock.adobe.com
February 9th 2024

How to guide patients to healthy eating habits

VIDEO: The Challenges of EHR Adoption
April 14th 2015

VIDEO: The Challenges of EHR Adoption

physician doctor team taking morning coffee break: © everythingpossible - stock.adobe.com
December 22nd 2023

Fixing a broken heart; dry powder vaccines; Surgical Barbie – Morning Medical Update

physician doctor hands with morning coffee: © kwanchaichaiudom - stock.adobe.com
December 21st 2023

Youth movement against cholesterol; hospital coffee machines as bacteria havens; HHS takes aim at poor maternal health - Morning Medical Update