In the news we continue to hear more and more each day about cybersecurity threats in our country. Some people, unfortunately even hospital board members making budget decisions, believe that the threat to cybersecurity is inflated. However, statistics show that the threat is very real, and very worrisome. According to market research conducted by Ipsos, over 30% of all large data breaches target hospitals. The survey showed that 48% of hospitals had a shutdown related to an external hack or query in the last six months. Most troubling however, was that only 11% of hospitals listed cybersecurity as an area of high priority.
According to the Healthcare Information and Management System Society’s (HIMSS) annual healthcare cybersecurity survey in 2018, over 75% of hospitals said they had experienced a significant security incident within the last 12 months. These alarming statistics show that there is a true threat to cybersecurity for all hospitals, and that threat must be addressed.
The first step is ensuring that those in charge of making budget decisions place cybersecurity as a high priority. Helping them to understand the true threat and the complexity of the problem is difficult. While hospitals face many of the same challenges as other businesses when it comes to internal politics, it becomes much more complex for hospitals. Like other organizations, they have a variety of departments, such as finance, IT, human resources, etc.; however, hospitals also have separate departments by specialties: cardiology, pediatrics, radiology, etc. To make things more complex, each of these departments has totally different equipment needs, different workflows, and highly specialized labor forces.
When a hospital is having to consider all these complex internal politics and individual department needs, it becomes difficult to convince those in charge to invest in cybersecurity. However, the bottom line is, they need to make the investment now, or they will be paying for the lack of investment in the future.
According to the Ipsos survey, the financial impact on hospitals for their cybersecurity incidents was significant. Larger hospitals suffered an average of 6.2 hours per shutdown at a loss of $21,500 per hour, that’s an average loss of $133,300 per attack. Midsize hospitals faced even more significant losses, with an average of 10 hours per shutdown at a loss of $45,700 per hour, that’s an average of $457,000 per attack. This does not take into account the hit that a hospital takes to their reputation when it is known they underwent a cybersecurity attack. Patients worry about their care and their data.
Massachusetts Institute of Technology conducted a study in 2018 targeted toward helping hospitals and cybersecurity developers to form a system of hospital cybersecurity in the United States. They determined that the main focus of chief information officers and chief information security officers should be on reducing endpoint complexity and improving internal stakeholder alignment. Implementing these strategies can solve cybersecurity problems more effectively than blindly pursuing more resources.
Genesis Medical Management encourages hospitals to invest wisely into their cybersecurity. This is a necessary step to protect their financial assets, equipment, patients, staff, and their reputation. Contact Genesis Medical Management for assistance with your hospital’s operational management, growth strategies, revenue cycle, and real estate development.
Let's Grow Together!
We look forward to learning about your healthcare business to discover how GMM can create a profitable solution!