Skip to main content
Sister Publication Links
  • ESG: THE NEW IMPERATIVE
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • COVID-19
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Digital Health
  • Insights
    • ACA 10 Years After
    • Best Practices
    • Special Reports
    • Innovations
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Supply Chain
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • MORE +
    • Contact Us
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Technology
February 07, 2015 12:00 AM

Experts doubt Anthem breach will boost security spending

Joseph Conn
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    Eighty million Americans had sensitive personal and financial data stolen in the recent gigantic data breach at health insurer Anthem. But experts say even that horrifying event may not be enough to convince healthcare organizations to step up their spending and reverse their chronic underinvestment in information technology security.

    “I'd like to think so, but I'm not sure,” said Michael “Mac” McMillan, CEO of CynergisTek, an Austin, Texas-based security consultancy. There are still “far too many people” making spending decisions who don't see paying for security as an ongoing cost of doing business, he added.

    The unprecedented data loss reported at Indianapolis-based Anthem is 16 times larger than the previous record for a healthcare data breach and affects about 25% of the U.S. population. Even before the Anthem debacle, there had been 1,172 breaches large enough to expose 500 or more individuals' records, or 40.9 million individuals' medical records in all, according to the breach list compiled by the HHS' Office for Civil Rights.

    Although a massive security breach like Anthem's seems as though it would spark a consumer uprising that would force healthcare leaders and elected officials to act, it probably won't, cybersecurity experts say. “I'll be surprised if this will be a Chernobyl,” said Fred Cate, a law professor at Indiana University and a cybersecurity expert.

    “Perhaps it hasn't really sunk in with the public to ask their lawmakers to do something about it,” said Lillian Ablon, a cybersecurity expert at RAND Corp. For most people affected by security breaches, there hasn't been “a big hurt,” she noted. All they face is the inconvenience of changing some accounts. The few who have become victims of financial and identity fraud are “such a small percentage that it hasn't reached critical mass yet,” she said.

    What will it take? “When we see a cyberattack that results in (automated teller machines) not working,” Cate said. “That will bring it home as a real threat.”

    For years, healthcare officials have worried out loud that privacy and security breaches could undermine public support for a federal program to accelerate the shift from paper to electronic health-record systems. But for just as long, healthcare spending on security has lagged behind security spending in other industries.

    Recent survey reports from the Healthcare Information and Management Systems Society peg average healthcare organization spending on security at about 3% of their IT budgets. That's too low to get the job done, McMillan said. “People in healthcare just have to wake up,” he said. Healthcare data is “a lucrative target for these guys.”

    A study released last summer by the Ponemon Institute found that in 2012 and 2013, 90% of healthcare organizations saw their patients' data exposed or stolen. And yet, only 23 instances of privacy and security rule violations under the Health Insurance Portability and Accountability Act have led to financial penalties or agreements with monetary settlements, according to federal statistics.

    Dr. James Madara, CEO of the American Medical Association, expressed hope that the recent breaches will lead to greater security spending. Data security hasn't made many top-five problem lists among healthcare organizations, Madara said. The Anthem breach “will bring some light to that. If cybersecurity isn't something that's at the top of your list as an insurer or an integrated system, it has to get there very quickly.”

    Dr. William Bria, president of the Association of Medical Directors of Information Systems, said the industry's inadequate approach to security must change. “If they just fire a couple of guys on the technology side, it won't solve anything,” he said.

    Government investigations also could force the industry to beef up its security spending. “I wouldn't be surprised if HHS and the attorney general, or both, come in with some very serious investigations,” Cate said.

    McMillan said he sees some signs of progress. “We have seen an uptick in security spending, at least in the last six months,” he said. “This may well be the incident that makes people say, 'We have to do something.' ”

    Follow Joseph Conn on Twitter: @MHJConn

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    ChadMirkin - Headshot_0.jpg
    Nanotech startup brings new approach to cancer vaccine
    money arrows decrease down 2.png
    Changing employer market leaves digital health companies rethinking strategy
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • COVID-19
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Digital Health
    • Insights
      • ACA 10 Years After
      • Best Practices
      • Special Reports
      • Innovations
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Supply Chain
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • MORE +
      • Contact Us
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing