Government subsidies for healthcare cybersecurity are long overdue as cyberattacks on the healthcare industry rise.
More than 5.1 million healthcare records were exposed in a single month six months ago. Even though that figure seems shocking, it wasn’t all that different from the norm of 4 million per month. It is hardly surprising that healthcare organizations are turning to cyber insurance to protect themselves from the enormous costs and liabilities associated with such attacks. The frequency of cyberattacks drives insurance premiums up; they rose by 112 percent in August 2021 alone after increasing by 96 percent in Q2 of that year. These costs have significant and varied consequences for patients and healthcare systems, including compromised patient privacy, ransomware, and other forms of IT system disablement, not to mention operational repercussions and recovery-related costs.
All of this inevitably raises costs, which is challenging for healthcare delivery organizations (HDOs) of all sizes but notably for mid-sized and smaller systems that serve communities outside densely populated areas. As a result, millions of people have less access to safe healthcare. As if that weren’t enough, the American Hospital Association and the Cybersecurity and Infrastructure Security Agency have recently released cybersecurity recommendations related to the Russian invasion of Ukraine.
The price is rising
Why have healthcare cyber insurance rates risen so sharply? There are primarily three causes: the first is the data’s absolute worth; the second is the expense, interruption, and long-term effects of a cyberattack; and the third is the sparse availability of cybersecurity safeguards in some HDOs. A few cyberattacks ruin everything for everyone else, raising prices for everyone, even those with excellent procedures in place. This final issue merits some more examination. While some HDOs have done a fantastic job putting in place appropriate cybersecurity policies and standards, others have lagged far behind in doing so. Some organizations still haven’t implemented multifactor authentication, some haven’t put in place access controls for privileged users, and many lack a strong identity governance framework. Those with dubious cyber standards end up being the most exposed and least able to invest in people, processes, and technology, creating a vicious cycle. Everyone’s assault rate increases after one, with the largest impact being felt by those who are least able to withstand it.
The government has already been involved
The outbreak has shown how crucial healthcare is to the infrastructure of every country and how crucial it is for governments to protect it from cyberattacks. Government participation has often been centered on runaway-cost industries. Subsidies were used to boost oil and gas production in the early 1900s, and subsequently, they were used to allow oil corporations to drill on government land without having to pay royalties. The federal government started giving subsidies to farmers during the time of the Great Depression to protect them against changes in prices, revenues, and yields as well as to finance their conservation efforts, insurance coverage, export sales, research, and other activities.
We’ve subsidized everything throughout the years, including housing, cars, and healthcare (the latter with the Affordable Care Act). These subsidies have always been intended to help important industries lower their costs of operation, safeguard the underlying elements required for vital sectors to operate, or improve the nation’s capacity to compete internationally.
The first two requirements are met by healthcare. So, should the next big subsidy be funding cybersecurity for healthcare systems?
The Subsidy Question
The government finds it challenging to regulate the rates that cyber insurance companies charge because they are private organizations. However, if certain requirements are satisfied, it can make adjustments to help offset the rising price of this insurance. Security experts agree that the healthcare sector would continue to fall behind in cybersecurity without direction and money provided by standards, financing, or other incentives like tax breaks.
So what would subsidization look like? The subsidies would probably take the shape of credits to healthcare providers or sliding pay to permit more investment in human capital and technology. The government may provide preferred vendor designation to insurers who collaborate with service providers to grow and maintain security. Whatever the case, it is imperative that applicants for any subsidy provide evidence that the bare minimum of cybersecurity controls are in place. Without such a requirement, the healthcare organizations and their patients lose out and the insurance companies gain.
Given that subsidies are funded by taxes, nothing here is likely to change overnight. Despite being a divisive subject, healthcare has assisted the country in overcoming several big obstacles, most notably the pandemic. What better course of action is there than for the government to provide the help that the industry can use as needed?
What is our next step?
The state of healthcare is crucial. Political leaders are acting since this field is one of the most important ones for the American economy and public health. A bill that President Biden signed on March 15 mandates that healthcare firms notify the Department of Homeland Security of any intrusions within 72 hours, and within 24 hours after a ransom payment. The government is already involved because it understands the seriousness of these acts. Patients and their health information, as well as the healthcare systems that provide for them, may be more vulnerable to cyberattacks as the demand for telemedicine increases. All of this will make bad actors who want to target that data and stop potentially life-saving processes more vulnerable.
Having this discussion will highlight the differences across health systems and show how unprepared some are to deal with cyberattacks. Politicians should think about how federal incentives may entice HDOs to invest in cybersecurity to safeguard patient data and, more crucially, to maintain universal access to healthcare.