Healthcare News & Insights

Is your hospital prepared to handle problems with IT security?

A major breakdown in IT security could cost your hospital millions – have you fully assessed your risk?

161906068Given the results of a recent survey of hospital IT professionals conducted by MeriTalk, an organization dedicated to improving health IT, many hospitals haven’t.

In fact, a news release about the study contained this sobering statistic: 82% of health IT execs said their organization isn’t prepared for the unexpected when it comes to IT security.

And a good chunk of them are paying for it: 19% reported a security breach in the last 12 months, with an average cost of $810,189 an incident. That’s at least $459 million being spent each year.

The top causes of these data breaches were:

  • Malware/viruses (58%)
  • Outsider attacks (42%), and
  • Physical security (38%).

Not just breaches

The risk of data breaches isn’t the only IT security issue hospitals have to worry about. According to the survey, health IT pros also have had significant problems with data loss (28%) and unplanned outages (40%) in the past year.

The top two causes of those issues: Hardware failures and loss of power.

Lost data and IT outages may not come with the same consequences as a security breach, but they’re almost as costly. Each incident of data loss cost hospitals an average of $807,571, while outages racked up a price tag of $432,000 a piece.

Boosting IT security

With so much at stake for hospitals, IT security problems need to be kept at a minimum. The execs surveyed said they planned on avoiding future problems by putting some effective solutions in place, including:

  • conducting a HIPAA security risk analysis as part of EMR meaningful use requirements, 46%
  • using Single Sign On (a system that allows a staffer to enter one name and password to log into multiple applications) and authentication for Web-based applications and portals, 44%
  • utilizing audit tools and log management, 43%
  • encrypting patients’ protected health information (PHI), 42%
  • implementing multi-factor authentication for clinical staff who access hospital networks remotely, 35%
  • reviewing security analytics to help with breach prevention, 32%
  • having centralized management and authenticated access to health information, 31%, and
  • using data loss prevention software to monitor the location and flow of sensitive data, 29%.

Making any (or all) of these solutions part of your hospital’s IT security plan will lead to a better outcome should you encounter any issues. Considering the cost of a breach, data loss incident or outage, setting aside money in your budget to shore up IT security is well worth it.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.