FRAMINGHAM, Mass.--(BUSINESS WIRE)--IDC Health Insights today announced a new report, Business Strategy: Thwarting Cyber Threats and Attacks Against Healthcare Organizations, (Doc #HI251775). The new report features findings from the 2014 IDC Insights Cross Industry Cyber Threat Survey, designed to gauge how financial services, healthcare provider organizations, and retailers are responding to increasing cyber threats and the impact of successful attacks on business operations. This IDC Health Insights study also highlights how healthcare organizations are investing in their cyber strategy to protect their most valuable electronic assets.
- ClicktoTweet: New IDC Health Insights Report Identifies Impact of Cyber Threats and Successful Attacks Against Healthcare Organizations
Today's healthcare organizations are at greater risk of a cyber attack than ever before, in part because electronic health information is more widely available today than in the nearly 20 years since the Health Insurance Portability and Accountability Act was passed in 1996. Cyber criminals view healthcare organizations as a soft target compared to financial services and retailers because historically healthcare organizations have invested less in IT, including security technologies and services, than other industries, thus making them more vulnerable to successful cyber attacks. The value of health information, which can be used to commit medical fraud, is surpassing the value of social security and credit card numbers on the black market, thus increasing the attractiveness of stealing health information.
Key findings include:
- After the physical loss or theft of a laptop, mobile or portable device, malicious hacking, or IT incident, was the most common breach reported on the Department of Health and Human Services (DHHS) Web site. In 2013, 20 (out of 175) breaches related to hacking or an IT incident represented 9% of the individuals affected and 11.4% of the attacks.
- All respondents of the 2014 IDC Insights Cross Industry Cyber Threat Survey reported that they had experienced a cyber attack in the past 12 months; 39.4% reported that they were attacked more than 10 times and 27.1% of the attacks were described as "successful attacks."
- Security is a top IT initiative for health care providers. In 2014, according to the 2014 IDC Global Technology and Industry Research Organization IT Survey, security and risk management technologies was the number 1 initiative (29.0%). In 2013, it was also the top ranked initiative (20.1%).
- Approximately one out of four cyber attacks had an impact on normal business operations. The majority of respondents (52.2%) indicated that the shortest impact lasted less than an hour and 43.3% reported that the longest duration was between eight and 24 hours.
- The overwhelming majority of healthcare executives reported that their spending on cyber threats increased (59.6%) or stayed the same (38.3%) over the last three years. On average, the increase for those respondents that reported an increase was 14.8%.
- Consumers highly value their privacy according to a recent 2014 IDC Insights Cross-Industry Consumer Experience Survey, but are not as confident that healthcare organizations were adequately protecting their data. Concerned consumers are willing to end a healthcare relationship after a breach, including changing their care providers (21.6%) and changing health plans (5%).
According to Lynne A. Dunbrack, Research Vice President, IDC Health Insights, "For healthcare organizations, it's not a matter of if they are going to be attacked but when. Healthcare cyber security strategies need to take a comprehensive approach and include not only react and defend capabilities, but also predict and prevent capabilities to effectively thwart cybercriminals.”
Cyber attacks against healthcare organizations will assuredly increase in number and level of sophistication in the next 12 to 24 months. As other industries become more proficient at thwarting cyber attacks, cyber criminals will continue to cast their nets wider to find vulnerable information assets to exploit. IDC Health Insights expects over time that spending allocations will change to support predict and prevent security strategies rather than defend and remediate strategies.
According to the new report, to take a more proactive stance in protecting themselves against cyber threats and attacks, healthcare organizations will need to invest in threat intelligence reporting, which combines reports from security vendors and the organization's own network logs. Predictive analytics can then be applied against these external and internal data feeds to help identify behaviors that suggest that systems are being compromised and under attack.
For additional information about this report or to arrange a one-on-one briefing with Lynne Dunbrack, please contact Sarah Murray at 781-378-2674 or sarah@attunecommunications.com. Reports are available to qualified members of the media. For information on purchasing reports, contact insights@idc.com; reporters should email sarah@attunecommunications.com.
About IDC Health Insights
IDC Health Insights assists health businesses and IT leaders, as well as the suppliers who serve them, in making more effective technology decisions by providing accurate, timely, and insightful fact-based research and consulting services. Staffed by senior analysts with decades of industry experience, our global research analyzes and advises on business and technology issues facing the payer, provider and life sciences industries. International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology market. IDC is a subsidiary of IDG, the world's leading technology, media, research, and events company. For more information, please visit www.idc-hi.com, email info@idc-hi.com, or call 508-935-4445. Visit the IDC Health Insights Community at http://idc-community.com/health.
