The Washington Post was quite blunt when it labeled 2015 as the year of the healthcare hack.
The newspaper reported that more than 120 million people’s health-related data has been compromised since 2009 in more than 1,100 separate breaches at organizations that handle protected data.
Anthem, the United States’ second-largest health insurer, drew the most attention when it was hacked this year, and both Premera Blue Cross and CareFirst BlueCross BlueShield recently announced that their networks and data were breached in 2014 in separate attacks.
“2015 is shaping up to be the year consumers should be taking a closer look at who is guarding their health information,” wrote Andrea Peterson, a Washington Post reporter.
Cyber criminals and hackers see healthcare information as highly valuable on the black market, in part because it has a long shelf life, unlike credit card numbers that can be replaced or cancelled with relative ease. An individual’s health data remains essentially unchangeable.
In its 2015 Data Breach Industry Forecast, Experian plc, a global information services group, wrote, “Healthcare organizations face the challenge of securing a significant amount of sensitive information stored on their network, which combined with the value of a medical identity string makes them an attractive target for cyber criminals. The problem is further exasperated by the fact that many doctors’ offices, clinics and hospitals may not have enough resources to safeguard their patients’ PHI [personal health information].”
Looking into Onvia’s database reveals that recent state and local contracting activity has taken an increased focus on protecting patient healthcare data.
Securing Electronic Health Records
As patients get more comfortable with technology and more doctors’ offices seek to get rid of paper health records, public-sector healthcare providers are moving to electronic health records (EHR), increasing the need for data security.
Onvia’s Project Center shows that state and local government agencies announced 1,186 solicitations for EHR and related security and privacy services in 2014. They also made 211 awards that year, with 25% of those awards valued at $100K-$500K in contract value and 26% valued at $25K or less.
Agencies need more than just the software; they also need training and technical support to use it to its full potential.
Healthcare Agencies are Raising Protective Walls
The experts and organizations tracking the healthcare data industry have seen a notable influx of healthcare hacks. The Fifth Annual Benchmark Study on Privacy & Security of Healthcare, published by the Ponemon Institute, found that 90% of organizations have suffered a security incident due to malware attacks, with the most common type of information stolen being medical records, followed by billing and insurance information. Here's an infographic depicting some of the key findings from the Ponemon Institute's study and key market insights from Onvia's database of state and local government market intelligence:
Onvia’s Project Center shows that state and local government agencies released 378 solicitations in 2014 for computer software and services related specifically to healthcare data security initiatives. Agencies also issued 80 awards, twice as many as in 2013. 68% of those awards ranged from $1-$10 million in contract value.
Key Takeaways for Contractors
Healthcare organizations hold precious data for millions of Americans, and cyber criminals have become more inclined to steal that data. To help prevent future data breaches, state and local government agencies are seeking out the help of government contractors to build the necessary protections around sensitive healthcare data.
Furthermore, agencies are dealing with an ever-evolving hacking environment and do not necessarily have the expertise to write complete specifications in their solicitations. This presents an opportunity for experienced contractors to identify those agencies that are planning to secure their networks, develop a strong relationship before the bid or RFP is even published, become a participating consultant and influence how the RFP is written. Companies that wish to help support state and local health agency efforts to protect patient data should consider business and consulting services and IT software and services as key areas where healthcare data security contracts are available.