Healthcare Organizations Are Typically Slow To Identify Data Breaches; Risk Mitigation Strategies Identified

Healthcare organizations' track record in detecting data breaches is among the poorest of all industries, taking a median of 255 days to identify the breach, said Howard Panensky, vice president, senior placement specialist, Willis Towers Watson, at the October 7-10, 2018, annual conference of the American Society for Health Care Risk Management (ASHRM) in Nashville. By comparison, the median time for all industries to identify a breach is 197 days, which is also a long period for breaches to escape detection. "That's like having a thief live in your home for 200 days," he said. Cyber security risks arise not just from within a healthcare organization but with the whole supply chain of businesses working with the organization, said Kurtis Suhs, senior vice president, Ironshore Insurance Services. "Anyone who touches the organization can put it at risk," he said.