With all the data breaches and threats popping up all over by healthcare, expect the market for cybersecurity products and services in U.S. hospitals to grow by 13.6 percent annually between now and 2021.
That estimate comes from a new, lengthy and pricey report by research firm Frost & Sullivan on the U.S. market for hospital cybersecurity. Frost isn’t releasing dollar figures of its forecast to the media, but the Mountain View, California-based company isn’t holding back in identifying culprits in this expected market growth.
“There’s been a cultural naïveté about IT security in healthcare,” said lead author Nancy Fabozzi, Frost & Sullivan’s principal analyst for connected health.
Fabozzi said that many healthcare organizations have wrongly assumed that meeting HIPAA security requirements is enough. But the fact that, according to Frost’s research, there have been 1,437 large breaches of health data, affecting more than 154 million patient records, since 2009 illustrates that their efforts have been sorely inadequate.
More than 113 million of those records were breached in 2015 alone, so the threat appears to be growing. Of particular note, 98.1 percent of records breached last year were because of hacks or other malicious activity, according to Frost.
“Hospitals are finally now realizing that health data is so valuable,” Fabozzi said. Unfortunately, she added, until very recently, technology vendors have not had to prove that their offerings are sophisticated enough to meet the threats posed by hackers.
“In spite of a growing awareness of the problem of increased cyber threats, many healthcare organizations face considerable challenges as they gear up to do battle with cyber attackers. Hospitals’ lack of leadership, appropriately trained staff and adequate financial resources are critical concerns,” Frost explained in a PowerPoint presentation shared with MedCity News.
But they are starting to get the message. “Hospitals are transitioning from a reactive, piecemeal, fragmented approach to protecting privacy and security that is highly dependent on HIPAA compliance to an approach that is proactive, holistic and coordinated, anchored by integrated solutions designed to protect multiple endpoints (computers and connected medical devices),” the presentation said.
“The real opportunity here is for consultants — managed services and professional services,” Fabozzi explained.
In 2015, about 80 percent of healthcare security spending was on software and other products, with just 20 percent dedicated to services, Frost reported. Expect that mix to shift to about 70/30 by 2021.
With the HIPAA security rule now 13 years old — and based largely on a draft completed in 2000 — Fabozzi said that it’s likely there will be new legislation and regulation on healthcare cybersecurity in the near future, regardless of how the November presidential election plays out.
“There’s a risk in healthcare that goes far beyond anything in other industries, and that’s hacking into a medical device and harming patients,” Fabozzi noted.
Timing of this report couldn’t have been any better for Frost & Sullivan. The report — or at least the news release about it — hit the same week Phoenix-based Banner Health disclosed a major breach of payment terminals and other computer system and that Advocate Health Care Network in Illinois reached a record $5.55 million HIPAA settlement over allegedly lax security practices.
Here’s an infographic from Frost highlighting themes in the report:
Images: Frost & Sullivan, Flickr user El Hombre Negro
In another big surge for healthcare hiring, the industry added 44,000 jobs in April — representing more than a quarter of the 160,000 jobs created that month, according to data released Friday by the U.S. Department of Labor’s Bureau of Labor Statistics.