Last year Ponemon reported information security incidents cost the healthcare industry more than $6.2 billion. I expect this year that number will continue to increase.
One reason is the number two cost vector cited in the report was ransomware. Ransomware incidents are not on the decline. TrendMicro reported in August that just the first half of 2016 had seen a 172% percent increase in ransomware incidents over all of 2015 combined.
Another reason is the importance of information availability in the clinical environment. Where other industries may sardonically quip, “it’s not a matter of life and death,” in healthcare, it quite literally is. As an analyst at ESET put it, “Criminals know this and are deliberately targeting medical organizations.”
Collectively, those of us in the information security field hold a special trust and confidence with those who share personal health information. We need to do a better job of controlling risks to that information, and advocating to those who may not completely understand risk but approve budgets, the need to allocate resources.