Consumers Are Not Prepared to Handle Cybersecurity Threats, Morphisec Report Finds

The 2019 Morphisec Consumer Healthcare: Cybersecurity Threat Index found that while healthcare portal use by consumers has increased, consumers believe their health data is more secure on their own phone than on providers’ devices.

Despite that, nearly 80 percent of consumers said they are not prepared to handle cyber threats on their own.

Morphisec, a cybersecurity software solution company, administered a survey to 1,000 U.S. consumers over the age of 18 and weighted for the U.S. population by age, region and gender.

Tom Bain, vice president of security strategy at Morphisec, told Inside Digital Health™ that the healthcare industry is more aware of cybersecurity threats today than five years ago. One of the things that’s turned the tide in healthcare is the digitization of patient and healthcare records and the portability of data across devices, the web and any internet-enabled application.

The report revealed that 54 percent of consumers did not know if their provider had been hit by a cyberattack. But this is likely not the result of providers keeping information from their patients.

Health Insurance Portability and Accountability Act (HIPAA) laws require healthcare providers to notify patients when their information has been compromised.

And let’s face it, with more than 2,500 healthcare data breaches since 2009, almost 59 percent of the U.S. population has likely had their data compromised. Consumers just are not aware of what their providers are doing.

Consumers are also more fearful of a health data breach (59 percent) than hackers gaining access to an internet-connected medical device (41 percent).

There was also an increase in the use of patient portals. According to the Office of the National Coordinator for Health Information Technology, in 2018, 28 percent of consumers used portals, while 42 percent of patients use a portal this year to get shared data from their provider.

With the increase in portal usage, organizations need to make sure they are ready to protect against basic and advanced threats.

Morphisec suggests that organizations adopt encryption techniques and two-factor authentication to gain portal access. Providers could also deploy solutions that protect against advanced browser-based threats.

Although portals are being used by more consumers, consumers feel their health information is secure on their personal devices. In fact, 45 percent of consumers believe the security of their healthcare data on their personal electronic devices is more secure than on their provider’s device.

But nearly 80 percent of consumers aren’t prepared to handle the most active and dangerous cybersecurity threats.

“Consumers are blind in terms of how they can actually make a difference or investigate how they can protect their data more appropriately and diligently and how their providers are applying security mechanisms to protect data,” Bain said.

Bain suggested that providers need to better educate its consumers on what is happening within the health system and how patients can best protect their data.

Because the waivers being signed at the doctor’s office are lengthy, people are generally just going to sign it and not thoroughly read what the provider does and does not do with patient information. Bain said that providers should come up with an alternative way to communicate what is being done with patient health information.

Bain also said that most providers just follow enough HIPAA guidelines to be compliant and are not focused on cybersecurity software that can reduce the risk of attacks. Taking a few extra measures that focus more on innovations, services and solutions can help the organization better defend itself against attackers.

“It’s all in what an organization is willing to do and has the budget to be able to do,” Bain told us. “Organizations can never be satisfied and should never go stagnant from a cybersecurity standpoint. You can’t often prevent being attacked, but you can add more layers to build more protection.”

Get the best insights in healthcare analytics directly to your inbox.

Related

Why Experts Think e-Commerce Hacker FIN6 Is Moving Into Healthcare

If You Can’t Beat the Hackers, Join Them

Hacking and Neglect Continue to Keep Healthcare in Danger