2022 Healthcare Trends: Patients, Payments and Security
- Last Updated : December 4, 2024
Perhaps the only good thing that came from COVID-19 was the evolution of virtual healthcare. Out of necessity, healthcare took a giant leap forward in digitizing patient care and payments, and as a result, this shift is shaping the future of healthcare and making technology a top priority.
Ultimate Medical Academy (UMA) recently discussed the healthcare trends that will stick around post-pandemic.
“Information technology adoption exploded in 2020 by necessity — virtual care, remote visits, and electronic data communication were the workarounds that kept the health system going. Moving forward, many health organizations are looking to invest in technology innovation so they can provide secure, digitally enabled care over the long term.”
To keep up with patient demand, healthcare organizations will need to provide more digital offerings. But an increase in technology does not mean sensitive patient data is more secure. In fact, the risk of data breaches will only become greater. Why is the healthcare sector such an alluring target for cyber criminals?
Data. And lots of it. The healthcare industry gathers and stores data within three highly sensitive areas: Protected Health Information (PHI), Personally Identifiable Information (PII) and patient financial information. It’s a lucrative trio for hackers, and the data will either be sold on the dark web or held for ransom (via ransomware). IBM’s 2021 Cost of a Data Breach Report reveals that PII was the most common and most expensive type of record stolen in a data breach – averaging $180 per record – and was included in 44% of all data breaches.
Additionally, staff shortages – from the front line of care to critical skills employees behind the scenes in IT departments – have made it increasingly difficult to fight cyberattacks. Without robust security measures in place to protect data from vulnerabilities, hackers have been highly successful in accessing valuable patient data.
And when it comes to healthcare, the overall costs are staggering. For 11 consecutive years, the healthcare industry has paid the most for data breaches, with the average cost increasing by 29.3% from $7.13M in 2020 to $9.23M in 2021. Additionally, nearly 45M individuals were affected by healthcare attacks in 2021, up from 34M in 2020. That number has tripled in just three years, growing from 14M in 2018.
The Most Important Victim of Data Breaches – The Patient
While cyberattacks have become commonplace across healthcare, they are affecting not only the bottom line but also patient care. According to a recent study by the Ponemon Institute, cyberattacks are routinely impacting patient safety within hospitals and health systems.
Respondents within the report cite cyberattacks as a routine cause of delayed patient procedures and tests. What’s worse is that 57% claim that cyberattacks result in poor patient outcomes, while 50% report increased complications in medical procedures.
A chilling-yet-telling fact within the report shows that the ultimate victim of cyberattacks is the patient. Of those health systems that have experienced the four most common types of cyberattacks – ransomware, cloud compromise, supply chain attacks and phishing – 20% said they have seen increased patient mortality rates.
Today’s IT and security leaders from major U.S. health systems realize that cybersecurity is more than data security – cybersecurity also means patient safety.
Cyber Hygiene = Patient Safety
Preparing for cyberattacks requires a balance of cyber hygiene and patient safety. So, what are the best practices for keeping that balance?
There are two options for healthcare organizations when considering a payment and data security strategy. First, you can “defend the fort” by putting up stronger perimeter defenses. Implementing strict access controls, monitoring data usage, and training employees on best security practices are the best measures for defending valuable data.
The second option is to “devalue the data.” Cybersecurity experts recommend encryption – for data at rest and in transit – as one of the most useful methods for healthcare organizations. Strong encryption keeps patient data unreadable to hackers in the event a network is breached, as long as the encryption keys are not exposed along with it.
Bluefin is a strong believer in devaluing the data, so that if a hacker does penetrate the perimeter, they find nothing of value. We provide solutions such as PCI-validated point-to-point encryption (P2PE) and tokenization to secure payments and data entered in-person and online. We are proud to be an integrated payments partner with CharmHealth and protect the data of healthcare organizations across the country. Learn more through our case study with Clinic 45.
- Ruston Miles
Ruston Miles founded Bluefin and also serves as the company’s chief cybersecurity advisor. Ruston brings over 22 years of payment and security experience, having architected Bluefin’s payment gateway and PCI-validated point-to-point encryption (P2PE) solutions, as well as contributing to the innovation of the company’s tokenization solutions. Ruston is a national speaker on cyber and payment security topics and was featured in more than 12 publications in 2021, including Forbes, TechCrunch, ZDNet, PaymentsSource and Yahoo! Ruston is a PCI Professional (PCIP), Certified Payment Professional (CPP), Certified Internet Business Strategist (CIBS), Certified Data Privacy Solutions Engineer (CDPSE), and sits on the board of PCI advisors.