Healthcare Leaders Admit Serious Gaps in Data Breach Response, Survey Finds | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Healthcare Leaders Admit Serious Gaps in Data Breach Response, Survey Finds

March 5, 2018
by Rajiv Leventhal
| Reprints

When it comes to responding to a cybersecurity attack, healthcare leaders point to serious gaps in the processes about how to respond to a breach, particularly about training and being informed about standard operating procedures, according to a recent poll conducted by KPMG.

In a survey of 154 healthcare and life sciences leaders, KPMG found that more than half (51 percent) of respondents said that written operating procedures about how to respond to a cyber attack either don't exist or they are unaware of what those standards are for responding to varying types of cyber events and elevated incidence that impact an organization. 

With so many different types of threats, from insider threats, to malware, to direct hacking and penetration, organizations need to have multiple cyber response plans and process as well as simulate these through annual "war games,” according to the researchers.

The poll, which was conducted during a recent KPMG webcast, It's not a question of if you will experience a breach, it's a question of when. Are you able to respond to today's cyber threats?, also found:

  • 29 percent of respondents did not know what actions an organization took once a cyber attack or data breach was resolved. Technology upgrades were seen by 15 percent of respondents and training was improved at another 14 percent. Staffing or leadership were changed in a combined 17 percent of respondents' organizations. Another 24 percent responded that they didn't have a breach.
  • 25 percent of respondents said data compromises after a cyber attack were resolved within a day and another 15 percent said "a few days" and 16 percent found the issue to linger more than a week.
  • Lack of training was the biggest weakness in cyber security defenses (29 percent), topping dealing with third parties (20 percent).
  • The loss of confidential information from a cyber-attack was the biggest source of damage from a breach (41 percent), but the second largest response was "reputation damage" at 27 percent. 

"To borrow a phrase from the movie ‘Cool Hand Luke,’ ‘What we've got here is a failure to communicate,' and that certainly applies to healthcare organizations in their cyber attack protocols and response plans," said Michael Ebert, partner, and KPMG's cyber leader for healthcare. "Healthcare IT leaders need communicate more effectively and frequently about the tremendous risks and potential ramifications tied to cyber incidents, and that includes training. If you look at cyber strategy as needing people, processes and technology, many organizations are falling short on the process."

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



MGMA: Physician Compensation Data Illustrates Nationwide PCP Shortage

Primary care physicians’ compensation rose by more than 10 percent over the past five years, representing an increase which is nearly double that of specialty physicians’ compensation over the same period, according to the Medical Group Management Association (MGMA).

Circulation, Buoy Health Collaborate on Integrated Platform for Patient Transportation

Boston-based startup Circulation Health, a ride-ordering exchange that coordinates medical transportation logistics using Lyft and other transportation partners, is partnering with Buoy Health, also based in Boston, to integrate their platforms to provide patients with an end-to-end healthcare experience.

HITRUST Provides NIST Cybersecurity Framework Certification

The Health Information Trust Alliance (HITRUST), security and privacy standards development and accreditation organization, announced this week a certification program for the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (Framework).

Report: Interoperability in NHS England Faces Similar Barriers as U.S. Healthcare

Electronic patient record interoperability in NHS England is benefiting patient care, but interoperability efforts are facing barriers, including limited data sharing and cumbersome processes falling outside of the clinician workflow, according to a KLAS Research report.

Geisinger National Precision Health Hires Illumina Exec to Lead Business Development

Integrated health system Geisinger has hired a high-profile genetic counselor to head up business development for Geisinger National Precision Health, which was created to extend the Geisinger model on the national scene.

$30M VC Fund Launched to Spur Innovation in Cardiovascular Care

The American Heart Association, together with Philips and UPMC, has announced the launch of Cardeation Capital, a $30 million collaborative venture capital fund designed to spur healthcare innovation in heart disease and stroke care.