Data breaches remain a major problem for health insurers, providers

Over the last several years companies have sharply increased the importance they place on robust data security and preventing data breaches. As the vast majority of major health care companies have experienced data breaches in the last two years alone, it seems as though the large amount of money being spent on cybersecurity is not providing sufficient security.

Today, more than 4 in every 5 major health care providers and insurers – those with at least $500 million in revenues each year – have acknowledged that they've suffered some sort of “cyber-attack” in the last two years alone, according to a new study from KPMG. The problem, though, was only about 2 in 3 insurers, and a little more than half of care providers said that they were ready to handle such an attack if it happens to them, and only 1 in 6 or so said that they could do so in real time.

Worrisome results
And if those numbers weren't bad enough, it seems that many of these companies at the very least misunderstand the security issues they may face, according to the KPMG report. Health care data is fairly “information rich,” meaning that if a security system is breached, hackers have access to a treasure trove of rather valuable sensitive data. Despite this, only about 13 percent of these companies said that they are probed for an attack about once per day or more. Another 38 percent believe they're attacked multiple times per week, and 44 percent think it's even less than that.

Michael Ebert, KPMG partner and health care leader of its cyber practice, points out that this probably reflects lack of threat recognition, or not even knowing that they're being attacked, the report said. In fact, about a quarter of the executives polled admitted that they don't know whether they can detect such an attack.

Cyber security remains a huge concern for care providers and insurers.

What are the big threats?
When it comes to data security, 65 percent of those polled indicated a concern about attacks coming from the outside, with another 48 percent expressing concern about sharing sensitive information with third-party vendors, the report said. Meanwhile, worries about employees stealing data themselves, or having it stolen from wireless connections were likewise cited by 35 percent apiece. Finally, 27 percent fret about their systems' firewall protections not being up to snuff.

Among the threats that appeared biggest to those executives, meanwhile, were malware getting into their systems (cited by 67 percent), and HIPAA violations as a result of data being stolen (57 percent), the report said. Another 2 in 5 said that they worried about their “internal vulnerabilities,” while 32 percent were concerned with how medical devices protected data themselves, and 31 percent said that they might need to upgrade their hardware.

This is a major issue for health care providers and insurers alike to monitor closely in the coming months and beyond. The ability to properly protect such data may end up saving them hundreds of thousands of dollars or more in the event of a successful attack.