
Forrester: Anthem-Sized Healthcare Data Breaches Will Be Commonplace in 2017


The start of the year sees many worrying predictions made about healthcare cybersecurity and potential data breaches; however, Forrester Research has painted a particularly bleak picture for 2017. The firm expects data breaches on the scale of the 2015 Anthem Inc. cyberattack to be commonplace in 2017.

2016 saw more healthcare data breaches reported to OCR than in any other year. While the severity of those breaches was nowhere near as bad as in 2015, the same cannot be said of all industries. A report published last month by Risk Based Security shows that while the total number of data breaches – across all industries – was similar in 2016 to 2015, the severity of those data breaches was much worse. Large data breaches can be expected in 2017.

Forrester suggests that as healthcare organizations grow in size – through mergers, acquisitions and partnerships – the volume of patient data that each organization stores will increase. Large repositories of healthcare data will be seen as a major prize for cybercriminals and attacks on those large healthcare organizations can be expected.

Unfortunately, when healthcare organizations acquire other companies or merge with other healthcare firms, security becomes fragmented. Fragmented security makes it much more likely that vulnerabilities will be introduced that can be exploited by hackers.

The methods used to attack healthcare organizations are becoming more sophisticated and many traditional technologies are now becoming ineffective at preventing cyberattacks. Forrester also points out that many healthcare organizations are only improving their cybersecurity defenses to ensure compliance with the requirements of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA only requires cybersecurity defenses to be improved to ensure a minimum standard is met, not to ensure that patient data cannot be accessed by hackers.

Ensuring patient health information is safeguarded requires considerable investment in new technologies, yet the healthcare industry lags behind other industry sectors when it comes to cybersecurity defenses. Previous studies by Forrester have shown that healthcare organizations typically devote smaller percentages of their IT budgets to security.

Across all industries, the average percentage of IT budgets directed to security is 26%. For the healthcare industry it is 23%. However, the telecommunications sector devotes 35% of IT budgets to security. Forrester suggests that due to the highly sensitive nature of healthcare data and its value to cybercriminals, healthcare IT security budgets should be increased to a similar level.

In addition to a rise in massive healthcare data breaches, Forrester predicts that the number of IoT devices that are compromised will increase to more than 500,000 in 2017, leading to massive DDoS attacks even larger than those seen at the tail end of 2016.

A Fortune 1000 company failure is probable in 2017 as a direct result of a cybersecurity incident, while Forrester says President Trump will likely face a major cyber crisis in his first 100 days in office. The final prediction is that a lack of cybersecurity talent will see CISOs forced to outsource as much as 25% of their security budgets to external providers of security services and automation.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.
