Last week, New York insurer Excellus BlueCross BlueShield became the most recent health care company to announce it was the victim of a sophisticated cyberattack after hackers gained access to the Social Security numbers, mailing addresses, and financial information of as many as 10 million customers. Unfortunately for Excellus, it was not able to escape becoming part of a disturbing trend: According to a recent survey published by KPMG, which was featured inModern Healthcare, eighty-one percent of health care executives say their organizations have been compromised by at least one cyberattack during the past two years. Additionally, a little more than half of the 223 executives who participated in the KMPG survey feel they're adequately prepared to prevent attacks.
The survey also noted that the areas with the greatest vulnerabilities within an organization include external attackers (65 percent), sharing data with third parties (48 percent), employee breaches (35 percent), wireless computing (35 percent), and inadequate firewalls (27percent).
Critically, on the black market, patient records are typically far more valuable than credit card information for people who plan to commit fraud, since the personal information cannot easily be changed. Therefore, a key goal for health care executives should be to advance their institutions' protection to create hurdles for hackers. Research shows that currently most health care organizations lag behind other industries in terms of the money and effort spend on cybersecurity.