The average consolidated total cost of a data breach is $3.8 million, representing a 23 percent increase since 2013, according to a study conducted by the Traverse City, Mich.-based Ponemon Institute.
More and more breaches are being reported every week and while legislative moves are being made to hold the privacy of health data to the same standards as other protected personal information, healthcare cybersecurity still doesn't feel all that secure for many.
Here are five insights from IBM vice president Marc van Zadelhoff about how his company thinks about cybersecurity, according to an interview with the Harvard Business Review.
1. The best practices for cybersecurity are five-fold: Put top analytics and intelligence in place, train and prepare an incident response team for a breach scenario, encrypt healthcare records so the information is inaccessible even if hackers get to them, train employees and elect a business continuity management team.
2. "The reality today is that no matter how careful we are, no matter how well we design our strategies or how thoroughly we educate and engage employees, we're never 100 percent safe against a cyberattack," Mr. van Zadelhoff said. "Our best defense is to revamp how we've been approaching security, and to move from constantly bombarded, isolated, defensivepositions to a united, intelligence-driven, collaborative front against cybercrime."
3. "I think that not enough attention is being drawn to the careless exposure of data by internal mistakes, which happens quite often, even when there are no malicious actors prompting it," Mr. van Zadelhoff said.
4. A hacker's goal is to steal the information that is valued the highest. A health record can often be sold on the black market for something in the neighborhood of $50. Credit card data, or a Social Security number might only sell for $1.
5. "To truly fight back as best as we can, we need to collaborate on the same level as hackers, sharing information across industries and organizations to see attacks in real time," Mr. van Zadelhoff said. "Just like a disease epidemic, if we're able to put the right infrastructure, warnings, and precautions in place before a malicious attack comes to us, chances are that we'll be much better equipped to spot it and shut it down if it does get into our systems."