“Health care organizations are a prime target for cyberattacks,” confirms Robert Herjavec, dynamic entrepreneur and star of ABC’s Emmy Award-winning hit “Shark Tank.” He explains: “Patient records are identity documents that contain personal data as well as credit card and payment information. When compromised, these records can be used for identity theft, financial fraud against the patient, or to defraud insurance providers.”

A growing problem

In its Cyber Security Intelligence Index, IBM branded 2015 the “year of the health care breach.”

“We all believe that when we give our data to our medical provider, a sacred trust and protection exists,” Herjavec offers. “We don’t have a choice. We need treatment and have to share significant personal, medical and financial details.”

So what makes health care such a hot target? To Herjavec, who founded his global information security firm in 2003, “Health care delivery and management has become extremely dependent on information systems. There are significant information processing requirements and investments made each year, and it can be difficult to keep them all up-to-date, patched and refreshed.”

This difficulty is usually driven by the increasing role technology plays in medical treatments, as well as by the sustained pressure to keep nonclinical costs down. Reliable security solutions are often deemed too expensive or cumbersome to implement, leaving large pools of data unprotected.

The result is “a higher-than-average legacy ‘debt’ of outdated systems, unpatched operating systems and older browsers,” Herjavec says.

Not if, but when

While proper protection can come with a hefty price tag, the price of an attack is indisputably higher. According to IBM, the average cost of a data breach across all industries was $3.8 million in 2014 — up 23 percent from 2013. Yet in the health care sector, the cost was $363 per record breached, more than twice the overall average of $154 per record.

“Security needs to be a top priority because it’s not if you will be attacked, but when,” urges Herjavec. “Just like a large public enterprise organization, health care providers have to prioritize a proactive approach to security — balancing people, process and technology to improve the protection of their informational assets and patient information.”

The path to safety

As the cybersecurity leader points out, however, health IT is adapting to combat these attacks: “Improvements in auditing and monitoring have taken security in health care a very long way. By leveraging user behavior analytics and improved identity management tools, health care providers are better able to determine who has access to what data, when, for how long and why.”

When choosing a security provider, Herjavec recommends working with someone who understands your objectives and has a clear, disciplined approach to security.

“Your provider should be transparent with you in terms of how your data is processed, analyzed and stored,” he sums up. “Clear mechanisms need to be in place so you understand how escalations and breaches would be handled and supported. You want a provider that can demonstrate excellence and consistency in delivery.”