Despite ransomware siege, 80% of consumers trust healthcare with their data

Ponemon Institute found high level of trust despite healthcare accounting for 34 percent of all data breaches.
By Jessica Davis
11:31 AM
Share
healthcare data and ransomware

Healthcare is trusted above all other industries to protect personal information, a new Ponemon Institute report has found, even though nearly half of all breached records tie back to a healthcare organization.

About 80 percent of the 549 surveyed consumers said they trusted healthcare providers to protect their data, ranking just above banking institutions (77 percent).

It’s an interesting statistic, given that healthcare organizations account for 34 percent of all data breaches and 44 percent of all breached records. For example, Anthem’s 2015 data breach affected 37.5 million patients, Premera Blue Cross’ 2015 breach affected 11 million and last year’s Banner Health breach affected 3.62 million.

[Also: WannaCry highlights worst nightmare in medical device security]

By comparison, banking, credit and financial organizations account for only 4.8 percent of all data breaches and only 0.2 percent of breached records. These organizations also spend two to three times more on cybersecurity than the healthcare industry.

What’s more confounding is that 63 percent of consumers said privacy and security was most important when visiting a healthcare provider.

Healthcare pros aren’t so certain

The researchers also asked IT staffs to rank their organization on prevention, detection and management of consequences stemming from data breaches. And the results were low: Only 39 percent rated their organization’s ability to prevent a data breach as high, 47 percent ranked their organization as high in detection and only 31 percent felt their organization was highly capable of resolving a breach.

But chief medical officers are more optimistic about their organization’s ability to successfully navigate a breach: 63 percent said their organization is resilient against data breaches.

[Also: How US healthcare spent the weekend protecting against WannaCry]

CMOs and IT also differed on the greatest concerns of a breach: The majority of CMOs felt brand and reputation damage were the biggest consequence, while most IT respondents said greater scrutiny of IT function was the largest concern.

However, the report found a data breach is one of the top three negative effects on brand reputation. The most serious threats are poor customer service and an environmental incident.

Further, organizations with poor security posture have the greatest amount of customer turnover at 3.35 percent. The average breached organization lost $3.22 million in business, according to the report.

There’s also a clear and direct effect between a data breach and the decline of stock price.

Of the 113 companies analyzed in the report, the companies with the best security posture have a dedicated chief information security officer, adequate budget for staffing and security investments, funding for security awareness training, regular audits of vulnerabilities, assessment of third-party risk and participation in threat-sharing programs.

If breached, it’s these companies that recover the fastest. In contrast, organizations with poor security posture, low funding and a lack of a response plan experience a stock price decline after a data breach disclosure, which doesn’t fully recover after a breach.

Multiple breaches have a serious impact on the relationship a consumer has with an organization: 65 percent of consumers said these incidents caused a loss of trust in the organization. The report also found that 31 percent of respondents said they took steps to terminate the relationship with the breached organization.

“Companies with both a positive and negative security posture can experience the loss or theft of sensitive and confidential information,” the report authors said. “However, it’s our belief that companies with a strong security posture are more resilient, and therefore, will have a less detrimental impact on stock price than those with a weak security posture.”

“A company’s [security posture] can be improved by having a fully dedicated CISO, adequate resources, participation in threat sharing programs and strategic investment in appropriate enabling technologies,” they said.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn