Skip to main content


Healthcare STILL Lagging in Cybersecurity

Aug 20, 2015 11:55AM ● By Med Editor

By John Hohn, Golden West Technologies

In an industry known for making advancements, unfortunately, there’s one area healthcare is still lagging behind.

A November 2014 study conducted by Bitglass found that 44% of ALL data breaches in the U.S. involved healthcare providers.   The information that was stolen was up to 50 times more valuable than credit card information. Unlike credit cards that are rendered useless after the card is cancelled by either the victim or the bank, PHI contains dates of birth, medical diagnosis, and other information that criminals can use to commit many different types of fraud.  They can continue selling the information even after the victim is aware that they have been compromised.hasn’t improved in yet—cybersecurity.  Last year, I wrote an article about a BitSight Technologies’ study that compared security rankings in healthcare to the finance, retail and utilities industries.  Healthcare came in the lowest of these four.  According to Bitsight’s Security Rating Industry Index, that statement still holds true today.   

This isn’t just about compliance anymore.  Today, it can be assumed your network has been or will be compromised.  While we should still try to prevent this from happening, it’s now more important to be able to detect and respond to these threats.  Most organizations feel a false sense of security in believing that having a firewall with endpoint security is enough. In today’s environment, it isn’t.

The following three elements are critical in developing a comprehensive security plan. 

  • Prevention – Firewall, anti-virus, spam filtering, patch management and use policies
  • Detection – Real-time analysis of security alerts using security information and event management services
  • Response – Documented and practiced set of policies, processes and procedures to adhere to in the event of a security breach

It is important that these areas have continuity in order to truly mitigate risk.  Don’t wait until your practice has become a victim.  Your patients, your business and your reputation are at risk.  It’s time for healthcare to improve its cybersecurity standings.

Bryan O'Neal is a Healthcare Technology Consultant at Golden West Technologies.