When Electronic Health Records were first installed into hospitals and networks, they were seen as a great innovation. However, an important step in their implementation was glossed over: ensuring their security. According to Politico, hacks related to security lapses have cost the healthcare industry around $6 billion a year.
In cyber-insurance, where the market is growing around 20-25% per year, why are these security issues not being addressed? Some of the nation's biggest healthcare providers have already suffered data breaches: Anthem, Premera, CareFirst BlueCross BlueShield, and Community Health Systems. Together, they account for the health records of about 95 million Americans. The high cost of these hacks also weighs heavily on the consumer: if you are one of the 95 million who have had their records stolen, it can result in identity or financial theft, along with thousands of dollars in legal fees needed to restore them.
So, why are the bad guys winning this battle against big health insurers? Lisa Gallagher, a cyber-security expert at the Healthcare Information and Management Systems Society, said that 10% of Information Technology budgets in healthcare should be spent on security (with that number shooting up to 40% if the company has just started using electronic health records, according to Michael Garvin at Symantec) – yet the industry average hovers at around only 3% of their budgets.
This gap presents a huge problem - not only are consumers at risk of having their information stolen, but the very insurers being hacked are at risk of losing business because of it. On Capitol Hill, there has been a rallying cry to address cyber-security threats – but legislation does not resolve the issue when insurers either can’t or won’t spend more on beefing up security.
It’s clear that prioritizing security must be at the forefront of the agenda for the healthcare industry. Identifying possible vulnerabilities and building an infrastructure to deal with the evolving threat of hackers is necessary – but this requires attention to and visibility into your systems. Security and innovation must go hand in hand, or else you risk a situation where billions may be spent to improve services and increase revenue, and then promptly lost because they were built improperly.
On both the consumer and industry side, it is a lose-lose situation. It may be time to change that dynamic.
To read the full article on Healthcare record security visit here.
Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services.
Erik describes the changing landscape of M&A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the target's systems, customized quality metrics, and liability implications of open source components, all three of which are critical for M&A due diligence.