Consultants to Contact
- Allison Young - Vice President & Consulting Actuary (Dallas)
- Bonnie Albritton - Vice President & Principal (Dallas)
- Brian Rankin - Vice President & Principal (Washington, D.C.)
- Brian Stentz - Vice President & Principal (Dallas)
- Cabe Chadick - President & Managing Principal (Dallas)
- Chris Merkel - Senior Vice President & Principal (Kansas City)
- David Dillon - Senior Vice President & Principal (Dallas)
- Daniel Moore - Vice President & Senior Consulting Actuary (Dallas)
- David Palmer - Vice President & Principal (Baltimore)
- Glenn A. Tobleman - Executive Vice President & Principal (Dallas)
- Heather Robinson - Senior Consultant & Director - Underwriting (Kansas City)
- Jamie Fender - Vice President & Consulting Actuary (Dallas)
- Jason Dunavin - Vice President & Senior Consulting Actuary (Kansas City)
- Jeffrey D. Lee - Vice President & Consulting Actuary (Kansas City)
- Josh Hammerquist - Vice President & Principal (Dallas)
- Jing Qian - Vice President & Consulting Actuary (Dallas)
- Jacqueline Lee - Vice President & Principal (Dallas)
- Kevin Ruggeberg - Vice President & Senior Consulting Actuary (Dallas)
- Kim Shores - Vice President & Principal (Kansas City)
- Muhammed Gulen - Vice President & Legal Consultant (Dallas)
- Moshe Nelkin - Senior Consulting Actuary (Dallas)
- Mark Stukowski - Vice President & Principal (Denver)
- Patrick Glenn - Vice President & Principal (Kansas City)
- Robert Dorman - Vice President & Consulting Actuary (Dallas)
- Traci Hughes - Vice President & Senior Consulting Actuary (Dallas)
- Tom Roberts - Vice President & Consulting Actuary (Dallas)
- Vickie Goodman - Vice President & Director - Compliance (Kansas City)
Testimonial
Over the last several years companies have sharply increased the importance they place on robust data security and preventing data breaches. As the vast majority of major health care companies have experienced data breaches in the last two years alone, it seems as though the large amount of money being spent on cybersecurity is not providing sufficient security.
Today, more than 4 in every 5 major health care providers and insurers – those with at least $500 million in revenues each year – have acknowledged that they've suffered some sort of “cyber-attack” in the last two years alone, according to a new study from KPMG. The problem, though, was only about 2 in 3 insurers, and a little more than half of care providers said that they were ready to handle such an attack if it happens to them, and only 1 in 6 or so said that they could do so in real time.
Worrisome results
And if those numbers weren't bad enough, it seems that many of these companies at the very least misunderstand the security issues they may face, according to the KPMG report. Health care data is fairly “information rich,” meaning that if a security system is breached, hackers have access to a treasure trove of rather valuable sensitive data. Despite this, only about 13 percent of these companies said that they are probed for an attack about once per day or more. Another 38 percent believe they're attacked multiple times per week, and 44 percent think it's even less than that.
Michael Ebert, KPMG partner and health care leader of its cyber practice, points out that this probably reflects lack of threat recognition, or not even knowing that they're being attacked, the report said. In fact, about a quarter of the executives polled admitted that they don't know whether they can detect such an attack.
What are the big threats?
When it comes to data security, 65 percent of those polled indicated a concern about attacks coming from the outside, with another 48 percent expressing concern about sharing sensitive information with third-party vendors, the report said. Meanwhile, worries about employees stealing data themselves, or having it stolen from wireless connections were likewise cited by 35 percent apiece. Finally, 27 percent fret about their systems' firewall protections not being up to snuff.
Among the threats that appeared biggest to those executives, meanwhile, were malware getting into their systems (cited by 67 percent), and HIPAA violations as a result of data being stolen (57 percent), the report said. Another 2 in 5 said that they worried about their “internal vulnerabilities,” while 32 percent were concerned with how medical devices protected data themselves, and 31 percent said that they might need to upgrade their hardware.
This is a major issue for health care providers and insurers alike to monitor closely in the coming months and beyond. The ability to properly protect such data may end up saving them hundreds of thousands of dollars or more in the event of a successful attack.