• MEMBER POST: Cyber and Health Care Delivery Transformation

    It’s cybersecurity awareness month ― a topic now listed as one of the top five business risks facing the health industry.

    Digital disruption is now a strategic imperative facing all health organizations, and a rapid pace of change brings about new business models and risks which organizations must be prepared to identify proactively, prioritize correctly, and respond to effectively.

    Not surprisingly, health-related data breaches have already grown rapidly in 2018. In the first 7 months alone, the protected health information of more than 6.1 million individuals across the US was compromised over the course of 221 data breaches, according to a recent HIPAA Journal article.

    Healthcare companies are especially at risk of insiders causing data breaches, as opposed to external actors or partners. This year’s EY Global Information Security Survey 2018-19 (GISS) found careless or unaware employees are seen by healthcare companies as the most likely source of a cyber-attack, followed by sources such as external contractors, customers, suppliers, and other business partners.

    Regardless of initiation source, these breaches can have devastating effects for both the impacted individuals and companies across the health value chain.

    Health: unique industry risk multipliers 

    Evolving consumer expectations, increased demand for services, rapid technology advancement, and the rise of digital health is fundamentally altering the sector landscape and creating new cyber vulnerabilities. Increased opportunity, coupled with the high value of medical records on the black market, and a history of underfunded cyber programs, has led healthcare to become a favored target for cyber criminals. 

    In fact, the ECRI Institute recently identified the top health technology hazard as the potential for hackers to exploit remote access systems to gain unauthorized entry to a health organization’s networked devices and systems. 

    The recent EY Future of Health survey found data analytics is the most planned initiative for health organizations over the next 12 months. This increased reliance on data means more information and access points available for insiders or cyber criminals to take advantage of the health supply chain. 

    As the health sector is responding rapidly to new consumer-centric health demands, care delivery is moving away from traditional views of patients in beds and into technology enabled platforms that allow consumers to interact with providers in virtual settings and in the home. Organizations with agile cyber programs, enabled by integrated and digitalized risk intelligence and reporting, will be those best positioned to thrive in these emerging models of care. 

    Cybersecurity - like medicine - is most effective when preventative and outcome focused 

    Just as doctors across the country perform well checks and take other preventative steps to benefit patients, today’s health organizations need to protect the enterprise by identifying assets and building lines of defense to get ahead of cybersecurity threats.

    That said, cybersecurity is about more than purely prevention. In the new consumer-centric health ecosystem, organizations will need an innovative and agile cybersecurity strategy rather than responding in a piecemeal and reactive way. The customer experience must be a key consideration. 

    Data is the new oil in the world markets, and given this, trust is the new currency. Effective cyber programs form the foundation of this trust in health, and above all, consumers must trust the brand. Companies should consider how to leverage this trust as a strategic differentiator with consumers by: 

    • Optimizing cybersecurity by stopping low-value activities, increasing efficiency and reinvesting the funds in emerging and innovative technologies such as intelligent automation and data analytics to enhance existing protection and resilience capabilities. 
    • Enabling growth by implementing security-bydesign as a key success factor for the digital transformations that most organizations are going through. Integrating and embedding security within business processes from the start will build a more secure working environment for all. 

    For our most recent Global Information Security Survey findings, visit For more information on digital disruption in the health industry, visit

    This article was originally published by Shannon Henry on LinkedIn on October 22, 2018.

    Shannon Henry 
    EY America's Health Risk Leader     #BetterQuestions