Guest Column | February 18, 2020

Healthcare Providers Must Protect Patient Data In 2020: Here's Why

By Isaac Kohen, Teramind

data security

Quality healthcare is predicated on a simple principle: first, do no harm. The Hippocratic Oath serves as the sector’s centuries-old lodestar that ensures that doctors, nurses, and other healthcare providers are always working toward a singular goal of promoting positive patient health outcomes.

In 2020, this concept is being redefined, expanding beyond just patient care best practices to encompass data security, a critical but increasingly fraught element of our modernizing healthcare system.

Since healthcare companies collect copious amounts of personal data, these institutions are more and more the target of data theft, which has a ready market on the Dark Web or can be deployed in other, more malicious cyberattacks. Therefore, if providers are going to offer the best patient care, they need to count data security as a critical component of holistic healthcare.

Simply put, 2020 has to be the year that healthcare providers begin taking data security seriously. Here’s why.

#1 Healthcare Data Loss Is Expensive

According to IBM’s 2019 Cost of a Data Breach Study1, the healthcare industry boasts the highest average cost of a breach, reaching $6.45 million this year. At $429 per record, the cost of a compromised healthcare record is nearly twice as high as the next most expensive industry.

Collectively, healthcare data breaches cost $4 billion in 20192. That number is almost certain to continue climbing as providers continue collecting significant amounts of patient data while struggling to adapt to a shifting threat landscape. By 2027, global healthcare storage is expected to have a total market of more than $9 billion3, up from $2.4 billion in 2018. This growth will only accent the opportunities for data loss and misuse, and data privacy standards demand improvement.

In addition to Europe’s GDPR, data privacy regulations, like California's Consumer Privacy Act and New York’s SHIELD Act, will add additional financial repercussions to a breach. Undoubtedly, the industry is heading toward more stringent regulatory standards, and this will contribute to increasingly higher costs associated with a data breach4.

Incredibly, many healthcare companies are expected to continue expanding IT budgets. Both Forrester and Gartner estimate that many companies will increase their spending by nearly 9 percent in the year ahead5, money that can make a big difference if applied in the right ways. The cost of preventing a data breach is just a small fraction of the penalties incurred from a data loss event, which is an equation that all companies need to consider in 2020.

#2 Healthcare Data Loss Is Pervasive

Healthcare companies collect peoples’ most sensitive personal information but securing that data has continued to plague healthcare providers and their patients. 2019 was the worst year on record as month after month set new records for the number of data breaches and compromised records.

Just halfway through 2019, more healthcare records were compromised than in all of 2016, 2017, and 2018 combined6, a startling reality that speaks to the importance of improvements in healthcare data security.

It’s estimated that 93 percent of all healthcare companies endured a data breach in the past several years, meaning that data security is a pervasive problem for the entire sector. In the U.K., two-thirds of all healthcare organizations experienced a data breach7 in 2019 alone.

#3 Healthcare Data Loss Is Often Preventable

Despite the devastating consequences of a data breach, too many organizations continue to operate as if a data privacy incident is inevitable. However, in reality, these organizations can effectively combat the vast majority of data security threats coming their way.

Between January 1, 2019 and June 20, 2019, human error was attributed to 60 percent of all healthcare data breaches8. Similarly, another study found that insider threats account for nearly 60 percent of healthcare-related data breaches9.

For instance, an employee at a Chicago children’s hospital compromised patients’ PHI10 after accessing data sets that extend outside his purview. In a similar case, a Nebraska Medicine employee accessed patient medical records11 for months without anyone noticing. Both instances are indicative of the insider threat landscape that could compromise patient data.

Insider threats are especially challenging in the healthcare sector, where nearly all employees interact with sensitive data, and the opportunities for failure are immense. When looked at holistically, insider threats also include employees engaging with phishing scams, like the one experienced by Presbyterian Healthcare Services that compromised PII for 183,000 patients12, and account for a growing number of data breaches.

Collectively, a company’s own employees comprise the most potent threat to data security, and healthcare providers can improve their defensive posture by implementing oversight software and training initiatives to promote and maintain high data privacy standards.

#4 Healthcare Data Loss Erodes Patient Trust

Ultimately, when healthcare providers fail to protect their data, they harm the very people they are entrusted to protect – their patients. Many patients don’t discover that they were victimized by a data breach until it’s too late. According to one survey, 40 percent of victims were only notified that their PII was compromised13 when they received credit notes because of fraudulent expenses made in their names.

While reputational damage can be challenging to quantify, if it means that patients are less likely to trust their doctors and wellness providers, the damage – regardless of the dollar amount – is already done.

Patients already entrust their lives to their healthcare providers, and these immensely qualified professionals have promised to always put their patients’ best interests first. Now that means that providers have to do a better job of protecting PII, PHI, and other personal details.

Regulatory standards demand excellence in this regard, patients are clamoring for companies that will secure their data, and the bottom-line is increasingly impacted by it.

In 2020 and beyond, it’s time to expand our expression of the Hippocratic Oath. When it comes to collecting and storing patient data, first do no harm.

Author The Author

Isaac Kohen is VP of R&D of Teramind, a leading, global provider of employee monitoring, insider threat detection, and data loss prevention solutions. He recently authored the e-book: #Privacy2020: Identifying, Managing and Preventing Insider Threats in a Privacy-First World. Follow on Twitter: @teramindco.