Cyberthievery: Will health care companies respond in 2016?


The massive Anthem data breach announced early this year is now resulting in dozens of lawsuits. Yet health care companies remain ill-prepared when it comes to cybersecurity, a KPMG survey of health care executives found. 2016 may be the year that changes, as the lawsuits wend their way through the courts and the breaches almost certainly continue.

The consultancy surveyed more than 200 executives from large payers and providers and found 80% of their companies had been hit by hackers. Yet only two thirds of the payers, and a little more than half of the providers, say they’re prepared to protect themselves.

In fact, a report by the not-for-profit Identity Theft Resource Center found the health care industry accounted for more than one third of the 641 data breaches recorded in the United States this year through November 3.

In the Anthem data breach, fraudsters swiped names, addresses, birthdates, Social Security numbers, and other personal information. The company has been hit by lawsuits from consumers who say they’ve been the victims of identity theft due to the data breach, and Anthem has come under scrutiny from federal regulators and state attorneys general.

Health care companies are a prime target because of the “richness of the information” they collect, says Michael Ebert, leader of KPMG’s Healthcare & Life Sciences Cyber Practice. According to the KPMG report, cyberattacks in the health care industry are underreported, and organizations may not even be aware they’ve occurred. It doesn’t help that much of the industry lacks proper monitoring, tracking, and reporting of cyberattacks.

Going forward, payers need to increase their investment in people and processes to try to fend off data breaches, Ebert says. He sees the greatest risk coming from vulnerable third-party vendors, and payers need to do more to ensure that third parties have proper cybersecurity procedures in place.