In February 2015, Anthem, the second-largest health insurance provider in the United States, announced that the data from more than 80 million customers had been compromised by hackers. The information stolen included names, birthdates, social security numbers and contact information. While security breaches of the past have yet to inspire most healthcare companies to increase security measures, Anthem’s breach may push the industry to evaluate current practices and enact further changes to protect consumer data.
Healthcare’s Need to Increase and Improve Security
According to the Arizona Republic, the healthcare industry is a particularly vulnerable industry in terms of cyber security. In the past year, there have been more than 79 breaches in the healthcare industry. This number will likely rise dramatically as the black market value of stolen medical data increases: Reuters reports that medical data is already 10 to 20 times more valuable than stolen credit card information.
The biggest problem is the lack of improvements in cyber security. Both medical care providers and insurers have relatively low-security levels and often rely on antiquated technology compared to other consumer-centered industries. In 2014, Insurance Journal reported that the FBI had even stepped in to warn companies of the potential for breaches and the need to reevaluate security systems.
The Financial Impacts of the Anthem Security Breach
The St. Louis Business Journal estimates that the Anthem security breach could potentially cost medical companies $8-16 billion. Despite this price tag, CNet reports that the company only has $100 million in cyber security insurance leaving a big gap.
However, Anthem’s situation is not unusual. The St. Louis Business Journal notes that, despite recent security breaches, healthcare companies are reluctant to provide higher levels of coverage. According to CIO, only 3% of healthcare providers’ IT budgets, on average, are spent on protecting against data breaches. This is largely due to the relative newness of cyber security threats. According to Modern Healthcare, patients’ concerns are also a factor in the lack of investment. Because past breaches have only been moderately inconvenient for those affected, it has not inspired the real consumer outrage it will take to convince healthcare to act.
On the other hand, there are some signs the industry is ready to act. While the spending increase may not be significant or enough, Modern Healthcare reports that investments in both infrastructure and manpower have slowly increased on the heels of breaches in banking and retail industries. The Anthem event may be the catalyst for healthcare companies to continue or ramp up these measures whether it be in hiring more skilled staff or implementing more advanced security technologies.
Anthem Security Breach Brings Security Weaknesses and Improvements to Light
While industry leaders are sometimes reluctant to enact large-scale technology and security measures, an investment in making small changes can go a long way towards a safer, more secure healthcare system. Ultimately, the future of the industry will depend on an investment in infrastructure and security manpower to help ensure that this sensitive, private information remains only in the hands of those who should have access to it.
Contact us to learn more about how can help your healthcare organization protect its sensitive data.