
Healthcare, Pharma Lag in Cybersecurity Effectiveness
Although the recent high-profile data breaches have hit the retail sector, healthcare and pharmaceutical companies have even weaker cybersecurity practices.

While high-profile data breaches at companies like Neiman Marcus and Target gained attention in the last 6 months, the healthcare industry faces even greater risk.

According to a new analysis by BitSight Technologies, health industry groups in the S&P 500 have worse security practices than companies in the finance, utilities, and retail sectors. Both the healthcare and pharmaceutical sectors had a high volume of security incidents and slow response times from April 2013 through March 2014.

“Based on our analysis, it is clear that organizations that treat cyber security as a strategic issue perform better than those that view it as a tactical one,” Stephen Boyer, BitSight co-founder and chief technology officer, said in a statement. “This partially explains the superior Security Ratings of financial institutions and electric utilities in the S&P 500 compared to retailers and healthcare companies.”

BitSight Security Ratings range from 250 to 900—higher ratings equal higher security performance. The average rating in the healthcare and pharmaceuticals industry was 660, just below retail’s 685 and far below utilities’ 751 and finance’s 765.

The healthcare and pharmaceutical sectors had the largest percentage increase in the number of security incidents during the April 2013 to March 2014 period, according to the report. Furthermore, the average event lasted 5.3 days, longer than in any other industry.

“In our recent assessment of medical devices used in clinics and hospitals around the country, weak encryption, lack of key management, poor authentication and authorization protocols, and insecure communications were all common findings,” Chandu Ketkar, technical manager at Cigital, said in a statement. “These gaps in security can lead to a compromise in data confidentiality and integrity. When sensitive data is compromised, it can not only create risks for patients, but also expose health care providers and device manufacturers to regulatory and business risks.”

Data breaches in the healthcare industry are taken very seriously, particularly in the wake of the new HIPAA Omnibus Rule. For instance, WellPoint was penalized $1.7 million for inadequate protection of members’ information. Penalties are tallied on a per person, per day basis.
