Eighty million Americans had sensitive personal and financial data stolen in the recent gigantic data breach at health insurer Anthem. But experts say even that horrifying event may not be enough to convince healthcare organizations to step up their spending and reverse their chronic underinvestment in information technology security.
“I'd like to think so, but I'm not sure,” said Michael “Mac” McMillan, CEO of CynergisTek, an Austin, Texas-based security consultancy. There are still “far too many people” making spending decisions who don't see paying for security as an ongoing cost of doing business, he added.
The unprecedented data loss reported at Indianapolis-based Anthem is 16 times larger than the previous record for a healthcare data breach and affects about 25% of the U.S. population. Even before the Anthem debacle, there had been 1,172 breaches large enough to expose 500 or more individuals' records, or 40.9 million individuals' medical records in all, according to the breach list compiled by the HHS' Office for Civil Rights.
Although a massive security breach like Anthem's seems as though it would spark a consumer uprising that would force healthcare leaders and elected officials to act, it probably won't, cybersecurity experts say. “I'll be surprised if this will be a Chernobyl,” said Fred Cate, a law professor at Indiana University and a cybersecurity expert.