Register / Log In

Healthcare and pharma cyber security rated worst in S&P 500

Analysts worry that a wide-scale security breach could occur in 2014


Healthcare and pharmaceutical companies have the worst cyber security among Standard & Poor’s (S&P) 500, and could suffer from large-scale security breaches in 2014 similar to those experienced by retail companies such as Target and Neiman Marcus, according to a recent report.

BitSight Technologies, a securities ratings company, examined the cyber health of companies on the S&P 500, and found that 82% had been victims of some sort of security breach. Healthcare and pharmaceutical companies ranked the lowest among the four industry categories studied, because of its high volume of incidents and slow response times.

The finance industry ranked best in cyber security, followed closely by the utilities industry. The retail industry, which was rated with a poor performance, came in third. The finance industry has made cyber security a priority and a part of business operations, which led to it outperforming other sectors, according to the study.

“Financial institutions spend more on cyber security than their peers in other industries, and the largest ones tend to go well beyond the measures mandated by government and industry groups,” say the study’s authors. “Many of them share information on emerging industry level threats with their peers in the FS-Information Sharing and Analysis Center, an industry forum.”

When a security event occurs, healthcare and pharmaceutical companies take more than five days, on average, to resolve the situation, while finance companies take less than four days, on average, according to the study. These factors make the healthcare and pharmaceutical industries most vulnerable to large data breaches in 2014.

“Unlike the financial institutions and electric utilities in the S&P 500, the healthcare and pharmaceutical companies do not view cyber security as a strategic business issue,” the study’s authors said. “They do not spend enough resources to protect their data, in part because cyber security has not received the executive level attention it deserves.”

The study’s authors questioned whether the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) is enough to protect healthcare data, because the majority of security breaches occur from stolen or lost devices such as laptops and servers. 

“In general, this sector tends to spend only the resources required to be compliant with regulations such as HIPAA, and compliance does not equate to security. More prescriptive controls and better enforcement of HIPAA would certainly help improve security in the healthcare sector, along with a greater emphasis on security throughout these businesses,” say the study’s authors.

As of June 1, physicians can register to review their Physician Payment Sunshine Act data and correct any errors reported by pharmaceutical and drug manufacturers.

CMS has announced that Medicare will cover hepatitis C virus testing for adults.The ruling specifies that covered testing must be ordered by a primary care provider.

Independent physicians and community health centers may be seeing more veterans as lawmakers on Capitol Hill work to find solutions to the ongoing crisis at the U.S. Department of Veterans Affairs.

Nearly 42% of Medicare claims for evaluation and management services are incorrectly coded, according to a recent report from the U.S. Department of Health and Human Services’ Office of the Inspector General.

Though more patients and physicians are searching Wikipedia for information on illnesses, a study confirms that the website gets details on the most costly diseases wrong.