Healthcare Data Breaches to Triple in 2021

Written by

Data breaches in the healthcare industry are likely to triple in volume in the coming year, according to a new report by Black Book Market Research.

The "2020 State of the Healthcare Cybersecurity Industry" report is based on a survey of 2,464 security professionals from 705 provider organizations. Respondents were asked to identify gaps, vulnerabilities, and deficiencies in security that make hospitals and physicians susceptible to data breaches and cyber-attacks. 

The survey results suggest that 1,500 healthcare providers are vulnerable to data breaches of 500 or more records, representing a 300% increase over 2020.

Nearly threequarters (75%) of health system, hospitals and physician organizations surveyed reported that their infrastructures are unprepared to respond to attacks. Almost all (96%) felt that data attackers are outpacing their medical enterprises, placing providers at a disadvantage.

A further Black Book survey of 291 healthcare industry human resources executives found that the talent shortage of cybersecurity professionals far exceeds the demand by health systems. Researchers found that cybersecurity roles in health systems take, on average, 70% longer to fill when compared to other IT jobs.

"The talent shortage for cybersecurity experts with healthcare expertise is nearing a very perilous position," said Brian Locastro, lead researcher on the "2020 State of the Healthcare Cybersecurity Industry" study.

Locastro added that the industry's response to ransomware attacks had spurred cyber-criminals on.

He said: "The willingness of hospitals and physician practices to pay high ransoms to regain their data quickly motivates hackers to focus on patient records."

The survey of security professionals found that 75% of the 66 CISOs at health systems who responded agreed that experienced cybersecurity pros were unlikely to pursue a career in the healthcare industry. 

The reason given for this was that CISOs in healthcare, more than in other industries, are held responsible for data breaches and their impact on an organization's finances and reputation while at the same time having extremely limited authority over decision-making, technology, or policy.

Furthermore, the study revealed that 90% of health system and hospital employees who are now working remotely due to the outbreak of COVID-19 were not given any updated security guidelines or training on accessing sensitive patient data.

What’s hot on Infosecurity Magazine?