Dive Brief:
- A new report from security rating firm BitSight Technology concludes that massive data breaches at eBay and Target could be a sign of what's coming for the health care industry.
- According to BitSight, health care saw the largest growth in security incidents during the study period (April 1, 2013 through March 31, 2014) but also the slowest response time. Health care's response time was five days, compared to finance at three and a half, and retail and utilities at four days.
- The report notes that health care security pros are paid relatively badly, and that health care institutions spend only enough to comply with privacy regulations like HIPAA.
Dive Insight:
The problem seems to be that health care institutions don't see security as a top priority. According to the report, "Unlike the financial institutions and electric utilities ... the health care and pharmaceutical companies do not view cybersecurity as a strategic business issue. They do not spend enough resources to protect their data, in part because cybersecurity has not received the executive level attention it deserves."
However, HHS is stepping up financial penalties for HIPAA violations, which may shock senior executives into paying more attention to these issues.