Healthcare firms plan to increase security spending

By:  Maria Korolov

After several high-profile breaches over the past couple of years, the healthcare industry plans to increase its spending on IT security more than other sectors.

According to a survey released this Tuesday, 81 percent of U.S. healthcare companies plan to increase security spending this year, compared to an overall industry average of 73 percent.

The spending intent is significantly higher than last year, when only 60 percent of healthcare firms planned to increase security spending.

The higher interest in improving security is likely due to a combination of increased awareness of both data breaches and risks of ransomware, as well as increased regulatory oversight, said Jim DeLorenzo, solutions marketing manager at Thales e-Security, which produced the report.

“They get increased attention as protectors of data that is so essential to everybody’s lives,” he said.

But while healthcare breaches can be very high profile and dramatic, the actual incidence rate is lower than in other industries.

Only 18 percent of global healthcare companies said they had a breach in the past 12 months, the lowest of any vertical. By comparison, 43 percent of companies in the retail sector reported that they had a breach.

Part of the reason could be that the health care records marketplace is becoming saturated. With more than 110 million healthcare records breached in 2015 alone, the medical information of nearly half of all Americans is already available on the black market.

Meanwhile, regulators are coming down harder on healthcare companies than ever before, said DeLorenzo.

The Office of Civil Rights under the Department of Health and Human Services is the agency that enforces compliance with the Health Insurance Portability and Accountability Act (HIPAA).

The regulators have previously indicated that they will be conducting more audits, and are now getting serious, he said.

“You’re actually seeing some actual penalties being assessed,” he sai

For example, earlier this month, the Children’s Medical Center of Dallas agreed to a $3.2 million settlement for ignoring security recommendations and not encrypting patient records. And the Memorial Healthcare System paid a $5.5 million settlement for its data breaches, the Department of Health and Human Services announced last week.

Compliance is the single biggest driver of U.S. healthcare security spending, said DeLorenzo.

According to the report, 57 percent of U.S. respondents said that compliance is their top spending driver — compared to just 20 percent globally.

“We’re a compliance-driven marketplace here,” he said. “Especially compared to other countries that have government-run healthcare systems.”

When it comes to allocating their spending, 69 percent of U.S. healthcare companies said that they planned to increase spending on network security. Analysis and correlation tools were in second place, with 62 percent of respondents planning to increase spending in this area.