Cybersecurity threats pose enormous risks for healthcare providers, including significant liability, operational disruptions, reputational damage, regulatory scrutiny, shareholder lawsuits, patient dissatisfaction and significant cleanup costs.
However, many organizations are not fully prepared for current or future threats. A 2017 study by KLAS Research and the College of Healthcare Information Management Executives (CHIME), found that only 16 percent of the providers surveyed reported that their cybersecurity program was “fully functional.” Another 41 percent reported that their security program was developed or starting to function, and 43 percent reported that their cybersecurity program was developing or not developed.
Clearly, a fully functional security program is critical to managing cybersecurity risk, yet even sophisticated cybersecurity programs are not an absolute guarantee against losses. Insuring against loss is prudent, with per capita cost of data breaches in the global healthcare industry averaging $408, and data breach costs for all industries averaging almost $8 million, according to a 2018 study by Ponemon Institute.
