It’s no secret that the healthcare sector is a prime target for cyberthreats. According to the US Department of Health and Human Services (HHS), security incidents in hospitals and medical clinics in 2020 resulted in losses of $13 billion. Analysis of HHS data showed breaches spiked by over 50% in the first year of the pandemic, and the average cost per breached health record increased from $429 in 2019 to $499 in 2020. Try multiplying the number of health records your organization manages by $500 to understand the potential damages of a breach. Financial risk has become inextricably tied to data security.
On March 3, 2022, the HHS Cybersecurity Program Office of Information published its latest data in the Health Sector Cybersecurity: 2021 Retrospective and 2022 Look Ahead report. Startling findings include new calculations that the average healthcare breach costs around $9.23 million, the cost of breaches increased about 10% over the course of 2021, and that healthcare organizations continue to experience the highest average cost of a data breach over all other industries for the 11th year in a row.
The report supplies a retrospective of rising threats to healthcare cybersecurity over the past 30 years, detailing some of the more notable types of breaches and cyberattacks in the sector up to Q4 2021. It also supplies guidance for healthcare security priorities in 2022, including awareness of “new threats and their tactics, techniques, procedures and weapons; new vulnerabilities and the means to correct them or mitigate exploitation; maintaining trusted defense measures; [and] defending against distributed attacks and other new avenues of compromise.”
The report notes that considerations for distributed attack vectors (including compromise stemming from vendors, business partners, service providers, supply chains, and software components) have become increasingly critical. This is one of the driving forces behind the growing requirement for HITRUST certification amongst healthcare organizations and their networks.
Meeting HITRUST’s rigorous requirements demonstrates proficiency in managing health data privacy and security, as well as an organization’s ability to comply with important standards and regulations. Implementing the HITRUST CSF and its controls helps organizations protect themselves, their partners, and the personal health information (PHI) they manage from cyberthreats and the costs associated with a breach.
Adopting cloud services can speed and simplify the HITRUST certification process, as public cloud providers enable rapid provisioning of secure, compliant IT infrastructure. Cloudticity helps further streamline certification with the Cloudticity HITRUST Inheritance Program, which comes free with an Oxygen subscription. It significantly reduces the cost and timeline of HITRUST certification and saves our customers approximately:
Good Cybersecurity is Good Business
Pursuing HITRUST certification is one way healthcare organizations can proactively insulate themselves from cyberthreats and the financial damages associated with breaches — as well as reputational damage that can hinder revenue and growth potential.
And you can speed your HITRUST journey and avoid the stress of a looming data breach by partnering with Cloudticity. We currently manage over 100 million health records, and we’ve never had a breach in our 10+ years of being in business!
Download our whitepaper The Business Case for Next-Gen Managed Cloud Services for more details on healthcare IT security, HITRUST, and cost-benefit analyses on working with Cloudticity to future-proof your infrastructure with cloud power.