Geography, price, and whether the healthcare provider is in their insurance network or not are often the main factors that lead consumers to choose a medical professional. Lately, however, the cybersecurity posture of the organization has started to take on a more important role when it comes to choosing care.
Statistics confirm an increase in consumer concern. The 2021 Consumer Healthcare Cybersecurity Threat Index found that 27 percent of patients would switch providers if their healthcare provider fell victim to a cyberattack – that's a nearly 30 percent increase from the same study the previous year.
As healthcare data breaches continue to make headlines, patients are now keenly aware of the impact cybercrime could have on the security of their personal health information. While this awareness is already a deciding factor for a growing percentage of healthcare consumers, the rapid digitization of healthcare data security is continually pushing privacy to the front of more people's minds.
As a result, for healthcare providers, maintaining a strong cybersecurity posture is vital not only for minimizing operational downtime and remediation costs but also for ensuring consumer confidence and lifetime revenue.
It's Not Only Patients Who Know the Value of Healthcare Records
Healthcare records are a precious resource for cybercriminals. Effectively unalterable and permanently tied to specific individuals, patient data has real financial value as an enabler of fraud and identity theft. This was true even before the pandemic dramatically increased the threat level for healthcare providers. Between 2005 and 2019, over 250 million individuals were impacted by data breaches in the , and the average cost of a breach grew by over 19 percent.
However, the rapid digital transformation and consequently broader attack surface created by the COVID-19 pandemic resulted in the amount of patient data exposed through data breaches rising astronomically. In 2020 alone, the number of healthcare data breaches rose by 55 percent compared to the previous year. Because of significant delays in finding and reporting data breaches, this already dramatic increase is also likely to be an underestimation of the real growth in incidence rates.
Simultaneously, both medical fraud and consumer consciousness of their data privacy have also grown significantly over the past twelve months. Worryingly for healthcare providers, customers are taking the threat to their data seriously. Across every sector, over 48 percent of consumers are now likely to abandon a product or service provider who puts their personal information at risk.
The Impact to Revenue from a Data Breach Doesn't End with Remediation
While consumers are more privacy-conscious in general, this concern is heightened when it comes to health data. With the unchangeable nature of patient data likely to put patient financial and personal safety at immediate risk of identity theft or other cyber threats, consumers are swift to note data breach notifications regarding their health data.
This awareness is warranted because, for impacted individuals, medical identity theft can be a significant personal risk. Increasingly commonplace, this kind of identity theft impacts over two million Americans annually and costs the average victim $13,450, making it among the most expensive and difficult-to-remediate types of fraud for an individual. Consequently, it's no surprise that consumers place a particular premium on their health records' security.
According to data from the Ponemon Institute, the vast majority of healthcare consumers rate their health records' security as very important when it comes to their healthcare provider. As a result, for providers who fall victim to data breaches that expose patient records, the effects of a cyber attack can have profound, long-term, negative consequences.
Accenture reports that the reputational damage created by lapses in cybersecurity will imperil at least $300 billion of lifetime patient revenue in the next five years alone. However, while the overall impact of lost revenue from data breaches is significant for the healthcare industry as a whole, for some companies, a data breach can be terminal.
Even aside from these long-term costs, data breaches are devastating for healthcare organizations that rely on secure and seamless access to data records and processes. A recent attack on The University of Vermont Health Network has been estimated to have cost the organization as much as $65 million in lost revenue and organizational downtime alone.
With patients becoming more and more privacy-sensitive when choosing a healthcare provider, data protection is now a business-critical asset for every organization. On the other side of the equation, threat actors have increased motivation to go after patient records and, thanks to evasive attacks, the ability to bypass traditional security controls.
However, while the threat landscape surrounding health providers is rapidly evolving, protection is still possible. Even in heavily targeted and inherently vulnerable sectors like healthcare, every attack is defensible. By combining a proactive approach to cybersecurity with a zero-trust endpoint security platform, healthcare providers can effectively mitigate the threats they face.