As the healthcare industry continues to struggle with tightening up its cyber-defenses, consumers increasingly believe they play a role in securing their health information, according to a new report published by Morphisec.
The 2019 Consumer Healthcare: Cybersecurity Threat Index asked more than 1,000 consumers their opinions on the number of cyber-attacks targeting health information to understand consumer perspectives on their provider's cyber-defenses.
“With nearly 90% of health organization CIOs indicating they purchase cybersecurity software to comply with HIPAA, rather than to reduce threat risk, consumers have a right to be worried about the cyber-defenses protecting their health data,” said Tom Bain, VP of security strategy at Morphisec, in today’s press release.
“Merely checking the box that cybersecurity defenses meet HIPAA requirements isn’t enough to protect healthcare organizations today from advanced and zero-day attacks from FIN6 and other sophisticated attackers.”
Even though HIPAA laws require healthcare providers to inform patients of a data compromise, the report found that 54% of consumers don’t know if their health provider has suffered a cyber-attack.
“With more than 2,500 healthcare data breaches since 2009, each involving more than 500 records, it’s estimated that about 190 million healthcare records have been exposed over the last decade. That’s equivalent to 59% of the U.S. population. So most of those who don’t know if their provider has been breached may actually have had their data compromised,” the report said.
Only 30% of respondents said they hold their providers solely responsible for securing their health records, while 50% of respondents feel they are also responsible for securing their private health information. While 45% believe their personal health information is more secure on their own devices than it would be on the devices of their providers, the vast majority of consumers (80%) reported that they are not well prepared to respond to cyber-threats on their personal devices.
“As healthcare providers open up different channels for sharing data, and even encourage the sharing of patient-generated data (PGD), such as physical activity, heart rate, sleep, food, and blood glucose levels, they should be clear with consumers on who maintains ownership of that data as it is shared,” the report said.