42% of Healthcare Companies Have Not Established an Incident Response Plan

Ransomware attacks, hacks, and other IT security incidents are the cause of major data breach reports sent to the Department of Health and Human Services’ Office for Civil Rights, although data breaches involving physical documents are also common. The Verizon Data Breach Investigations Report showed that exposed physical files made up 43% of all data breaches in 2021, which underlines the importance of enforcing data security measures that cover all kinds of information.

The healthcare sector is heavily targeted by cybercriminals, and cyberattacks increased during the pandemic. Healthcare cyberattacks grew by 73% in 2020, with those breaches contributing to the compromise of 12 billion pieces of protected health information (PHI), according to the 2021 Data Protection Report recently published by Shred-It.

The report is based on a detailed survey of C-level professionals, small- and medium-sized enterprise owners, and customers across North America, and it pinpoints a few areas where companies could strengthen their protection against internal and external threats.

Healthcare data breaches are the costliest of any sector. The typical cost is $9.23 million per case, and data breaches involving ransomware attacks endanger patient safety. 62% of healthcare providers said they believed a data breach can be expensive, with 54% indicating a data breach might have a serious effect on their reputation. 56% of surveyed healthcare businesses stated they have previously experienced a data breach, and 29% said they had suffered a data breach in the past 12 months.

Because they are required to comply with HIPAA, healthcare providers were better prepared than other sectors to prevent and manage security incidents. Around 65% of surveyed healthcare companies say they have the right information security solutions and resources. Although the healthcare sector was more likely than any other sector to have an incident response plan, 42% of participants reported that an incident response plan had not been put in place, even though having an incident response plan was shown to shorten recovery time and reduce the cost of a data breach.

75% of healthcare companies said data security is a number one priority in their business, and 61% stated they have appointed a third-party security specialist to assess their security procedures. Nevertheless, only 64% use information security policies, fewer than half (48%) carry out regular infrastructure auditing, and merely a third (33%) conduct vulnerability testing.

The survey found that 22% of data breaches were caused by staff errors. The major obstacles to employees following data security policies and procedures were:

  • 49% – lack of understanding of the threats and risks
  • 41% – lack of access to, or understanding of, guidelines
  • 10% – lack of ongoing training and security awareness programs

Although the healthcare sector is better prepared than some other sectors, the survey shows there is considerable room for improvement. Shred-It advises that healthcare companies should establish a comprehensive plan covering all data, adopt a data minimization plan, make use of the cloud, invest in endpoint detection and response systems, create an incident response plan, and encrypt all information on-site, online, and in transit.


Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.