IBM’s X-Force Research examines the risks of electronic health records, a lucrative business for criminals and expensive for corporations. While records might be sold for ~ $50 to criminals, the “data breach cost” to a company averages out to $355 per record. The overall number of breaches were up in 18.5% 2016, though the largest breaches in last five years took place in 2015. Emerging threats include ransomware via spam phishing emails, inadequate third party response, merging EHR systems through M&A, and insiders. In fact, IBM’s Managed Security Services found that insiders launched 68% of network attacks on healthcare organizations. But insiders also pose other risks through neglect (leaving computers in car without password protection) and lack of education (clicking on phisihing emails).
Whether you play in healthcare or not, strategists of all companies need to track the evolving nature of cyberthreats to ensure their organization responds with speed and agility. The report also calls out the importance of insiders (including benign ones), which speaks to the importance of involving HR and integrating risk-mitigation practices in your workforce planning. And remember these issues when considering M&A – better to deal with them up front than face a crisis during integration.