By Susan Biddle, Sr. Director of Government, Education and Healthcare Industry Solutions, Fortinet
Medical practice consolidation is a growing trend, with smaller practices being bought out by larger healthcare systems. One intriguing result of this wave of mergers and acquisitions is the tendency of the acquiring medical system to act like a security SaaS provider to the smaller acquired practice.
Because these practices are smaller, they often don’t have the IT or security expertise that some of the larger practices can afford. This buy-in helps the acquiring healthcare system get more thorough and secure access to patient information, and both organizations are more likely to avoid the many cyber risks endemic to the healthcare industry.
Many Threats to Healthcare Data
Experian predicts in its 2017 Data Breach Industry Forecast that healthcare organizations will be the most targeted sector. The reason they are top targets for cybercriminals is the nature of the data they are protecting. Patient health information is, on average, 10 times more valuable on the black market than the traditional credit card. Whereas credit card fraud is quickly detected and the card is deactivated, personal health information is difficult to mark as fraudulent and can be used for drug or other medical fraud for months or years.
Protecting patient information is a priority, one made more difficult with the transition to electronic health records. In the shift from paper to paperless, security wasn’t always the primary focus. The federal government responded with strict HIPAA standards. So far in 2017, there have been nine HIPAA settlements resulting from failure to adhere to security requirements for this data. Sometimes security budgets are tied into IT budgets, and if healthcare organizations have to choose between a life-saving technology and a back-end system, they are more likely to choose the former.