hospitals transition to new approaches to combat cybersecurity concerns
TRANSCRIPT
Hospitals Transition to New
Approaches to Combat
Cybersecurity Concerns
Research PREVIEW for
US Hospital Cybersecurity Market: 2015-2021
2K00D-48
Key Highlights
Source: Frost & Sullivan
Solutions
The array of products that comprise the hospital cybersecurity market is vast and expanding.
The top six IT security technologies that hospitals are deploying today include anti-
virus/malware, encryption/tokenization, security incident and event management, identity and
access management, web application firewalls, and risk and compliance management. Hospitals
also spend considerable and growing sums on managed and professional services.
Drivers
The top three drivers influencing the hospital cybersecurity market include Increased
healthcare digitization and focus on data interoperability; the dynamic and constantly evolving
cyber threat landscape; and the need to comply with regulatory requirements.
Challenges
In spite of a growing awareness of the problem of increased cyber threats, many healthcare
organizations face considerable challenges as they gear up to do battle with cyber attackers.
Hospitals’ lack of leadership, appropriately trained staff, and adequate financial resources
are critical concerns.
Regulatory
Healthcare providers must comply with HIPAA; following additional security frameworks like
HITRUST or NIST is voluntary. Federal lawmakers are taking an increased interest in
addressing the growing incidence of healthcare data breaches and cyber attacks and
regulatory requirements and scrutiny are expected to increase.
Future Direction
Hospitals are transitioning from a reactive, piecemeal, fragmented approach to protecting privacy
and security that is highly dependent on HIPAA compliance to an approach that is proactive,
holistic, and coordinated, anchored by integrated solutions designed to protect multiple
endpoints (computers and connected medical devices).
3K00D-48
Market Scope and Segmentation
For the purpose of this study, the term “hospital cybersecurity” refers to information security and
cybersecurity solutions sold to all U.S. registered hospitals (N=5,627 as of 2016).*
This study sizes and forecasts the hospital cybersecurity solutions (products and services) market at a
broad level, estimating the total spend by US hospitals for cybersecurity products and services as
defined by Frost & Sullivan for 2015 through 2021.
Limitations – A vast array of solutions span the IT security/ cybersecurity market. The industry has no
consistent way of categorizing market segments for cybersecurity solutions and there is often overlap
between products and services as well as various sub-segments of solution categories. Furthermore,
the IT vendor landscape for the hospital cybersecurity industry is highly fragmented, consisting of
hundreds of large and small companies providing a wide range of products and services. This study
only highlights select vendors in key market segments.
Scope - The scope of this study only encompasses hospitals’ spend on cybersecurity IT solutions as
defined by Frost & Sullivan and does not include related categories such as cybersecurity insurance.
Geographic Coverage United States (US)
Study Period 2015—2021
Base Year 2015
Forecast Period 2016-2021
Monetary Unit US Dollars
Source: Frost & Sullivan*Any institution that can be classified as a hospital according to the requirements may be registered if it so desires. Membership in the
American Hospital Association is not a prerequisite.
5,627 U.S. Hospitals
4K00D-48
What solutions (products and services) comprise the US hospital cybersecurity market? Whoare the key vendors serving this market?
What are the market-shifting macro trends impacting the need for cybersecurity solutions inUS hospitals?
What are the specific drivers and restraints impacting the market for cybersecurity solutionsused in US hospitals over the next 5 to 6 years?
What is the 6-year spend outlook for cybersecurity solutions deployed by US hospitals?
Key Findings
Source: Frost & Sullivan
Key Questions This Study Will Answer
What are the key competitive dynamics that vendors serving the hospital cybersecurity marketneed to understand?
5K00D-48
CEO’s Perspective
Source: Frost & Sullivan
2
Hospitals have traditionally underspent on IT security due to a
poor understanding of the nature and extent of the risk as well as
the relatively new phenomenon of the widespread use of EHRs,
mobile phones and tablets, and connected medical devices.
3
Traditional solutions and approaches to combating cyber threats
don’t work. The industry will inevitably transition to a more
coordinated approach and deployment of new types of integrated
solutions that focus on securing computer endpoints.
4
A variety of vendors are flooding the healthcare cybersecurity
market. Many buyers are confused and naive today. However, as
hospitals change their culture around IT security and gain in
sophistication, vendors will face closer scrutiny and tougher
selling environments.
5
Vendors need to innovate to survive including building or buying
advanced functionality and next generation capabilities as the
market moves from protecting the walled garden to protecting a
vast connected perimeter with numerous vulnerable endpoints.
1
The healthcare industry is struggling to respond to an alarming
increase in the incidence of data breaches over the past few
years. The government has taken notice of the increased threat
environment and is likely to issue new regulatory requirements.
6K00D-48
Hospital Cybersecurity Market: Market Segmentation, US, 2015
*Average percentage of total IT security spend allocated to category
80% Hospital Cybersecurity Spend 20% Hospital Cybersecurity Spend
Hardware
Software
Delivery
Managed
Professional
Network
Security
Endpoint
Security
Data
Security
Perimeter
Security
Application
Security
Hospital Cybersecurity Solutions
Layers of Cybersecurity
Products Services+
Market Segmentation for Hospital Cybersecurity
Source: Frost & Sullivan
7K00D-48
Why Healthcare is Focused on Protecting Data Privacy
and Security
Source: Frost & Sullivan
Protecting data privacy and security is a key focus for healthcare organizations today due to the increased adoption of
EHRs. Potential multi-million dollar fines for violations are just part of the damages organizations can face—fraudulent
medical claims, risks to patient safety, theft of intellectual property, and damage to reputation and future business viability
are also considerable risks.
The digitization of health information has the potential for greatly streamlining
and improving healthcare delivery. However, digitized health information also
increases concerns about the protection of individual privacy and the provision
of adequate data security.
The patient medical record includes some of the most sensitive private
information about people. Data breaches that result in the loss of PHI
contained in paper or medical electronic records are caused by a variety of
factors including unauthorized access (the most common cause), improper
disposal, loss, or theft of portable electronic devices such as laptops, tablets,
flash drives, or mobile phones.
But it’s the increase in cyberattacks targeting healthcare information technology
(IT) systems that is most troubling. In 2015, 98.1% of breached healthcare
records was due to hacking attacks/IT incidents.
Who Can See Your Protected Health
Information?
Data Privacy Versus Data Security
Data Privacy in the healthcare context usually means the right of individuals to limit access to
and control sharing of information about their person; this is also called informational privacy.
Data Security pertains to protective measures and tools for safeguarding information and
information systems.
8K00D-48
Source: Johns (2008) and Frost & Sullivan
Threats to Information Privacy
Threats to Information Integrity
Threats to Information Reliability
• Insider accidental disclosures/errors
• Abuse by insiders of access privileges
• Insider unauthorized access
• Outside intruders
• Insider accidental error
• Insider malicious attack
• Intruder attack
• Software failure
• Strategic attack
• Natural hazards
• Equipment and software failures
• Human error
• Theft, malice, or strategic attack
This is the
big one!
Wetware
The human element of IT
The nature and types of threats to health data and information can be identified in three key categories –
information privacy, integrity, and availability (or reliability)
Threats to the Privacy and Security of Healthcare
Information
9K00D-48
Source: Ponemon (2016), Redspin (2015) and Frost & Sullivan
Recent Data Breaches Targeting US Healthcare Organizations*
*Based on an analysis of HHS data
The Scope of the Problem
98.1% of records
breached in 2015 were
the result of hacking
attacks/IT incidents
Data Breach Average Costs
Healthcare provider = $2.2 M
Business Associate = $1 million
Healthcare Industry Overall = $6.2 B
10K00D-48
Source: Frost & Sullivan
Key Market Dynamics Driving the Focus on Hospital
Cybersecurity
Increased Number of Endpoints Across
Dispersed Care Settings
Constantly Evolving Cyber Threat Landscape
MobilizationIncreased Value of PHI on
Black Market
Rapid Increased in the Digitizationof Health Data and Push to Share
Data (Interoperability)
Connected Medical Devices/Internet of Things
The Growth of Web-Based Applications
New Era of IncreasedRegulations/Regulatory Scrutiny
Hospitals understand that growing concerns about cybersecurity—including the threat of patient harm—ensures increased
enforcement of risk management programs and processes by regulatory bodies, requiring them to spend more time, effort
and money to combat costly and potentially dangerous data breaches and cyber attacks.
11K00B-48
Contents
Section
Executive Summary
Market Background
Overview of Health Information Privacy and Security
The Healthcare Cybersecurity Landscape
Hospital Cybersecurity Market—Drivers, Restraints, and Trends
Hospital Cybersecurity Market—Spending Forecast and Trends
Competitive Environment
Growth Opportunities
Future Perspectives
Appendix and List of Exhibits
12K00B-48
List of Exhibits
Exhibit
US Hospital Cybersecurity Market: Frost & Sullivan Research Methodology, 2016
Hospital Cybersecurity: Market Engineering Measurements, US, 2015
Hospital Cybersecurity: Estimated Percentage of Total IT Spend for Products Versus Services, US, 2015
Hospital Cybersecurity Market: Estimated Penetration of Solutions, US, 2015
Hospital Cybersecurity Market: Market Segmentation, US, 2015
Hospital Cybersecurity Market: Distribution Structure, US, 2016
Hospital Cybersecurity Market: Top Security Threats for Healthcare Organizations, US, 2016
Hospital Cybersecurity Market: Top Types of Security Incidents for Healthcare Organizations, US, 2016
Hospital Cybersecurity Market: Top Ten Security Technologies and Services Seen as Most Effective in Achieving Security
Objectives by Healthcare Organizations, US, 2016
Hospital Cybersecurity Market: Challenges Impacting Healthcare Organizations’ Cybersecurity Mitigation, US, 2016
Hospital Cybersecurity Market: Key Drivers, US, 2016–2021
Hospital Cybersecurity Market: Key Restraints, US, 2016–2021
13K00B-48
List of Exhibits
Exhibit
Hospital Cybersecurity Solutions Market: Total Spend Forecast, US, 2015–2021
Hospital Cybersecurity Market: Percent Spend Forecast by Segment, US, 2015–2021
Hospital Cybersecurity Market: Total Spend Forecast by Segment, US, 2015–2021
Hospital Cybersecurity Market: Products Segment Spend Forecast, US, 2015–2021
Hospital Cybersecurity Market: Products Segment Spend Forecast and Percentage of Total Market Spend, US, 2015 and
2021
Hospital Cybersecurity Market: Services Segment Spend Forecast, US, 2015–2021
Hospital Cybersecurity Market: Services Segment Spend Forecast and Percentage of Total Market Spend, US, 2015 and
2021
Hospital Cybersecurity Market: Penetration Analysis for Product Segment, US, 2015
Hospital Cybersecurity Market: Penetration Analysis for Services Segment, US, 2015
Hospital Cybersecurity Market: Numbers and Types of Vendors, US, 2016
Hospital Cybersecurity Market: Select Market Participants by Tiers of Competition, US, 2016
Hospital Cybersecurity Market: Vendor Competitive Differentiators, US, 2016
Hospital Cybersecurity Market: Key Customer Metrics, US, 2016
14K00B-48
List of Exhibits
Exhibit
Hospital Cybersecurity Market: Distribution and Sales Metrics, US, 2016
Hospital Cybersecurity Market: Pricing and Business Model Trends, US, 2016
Hospital Cybersecurity Market: Important Growth Metrics, US, 2016
Hospital Cybersecurity Market: Technology Roadmap, US, 2014 through 2020 and Beyond
Hospital Cybersecurity Market: Select Industry Terms, US, 2016
Interested in Full Access? Connect With Us
Jaylon BrinkleyCorporate Communications Associate
(210) 247-2481
Research Authors
Lead Analyst:
Nancy Fabozzi
Research Director:
Daniel Ruppar Facebook
https://www.facebook.com/FrostandSullivan
LinkedIn Grouphttps://www.linkedin.com/company/frost-&-sullivan
SlideSharehttp://www.slideshare.net/FrostandSullivan
Twitterhttps://twitter.com/Frost_Sullivan
Frost & Sullivan Eventshttp://bit.ly/MvPRbQ
GIL Communityhttp://ww2.frost.com/gil-community
Private
Briefings
Growth
Workshop
Growth
Implementation
Solutions
Growth
Strategy
Dialog (GSD)
Growth Partnership Service Growth Consulting
Where are we?
Market Analysis
Fact Foundation
What might the
future bring?
Macro to Micro
Generation,
Evaluation &
Prioritization of
Opportunities
How do we
get there?
Best practices
implementation
Growth
Environment
Visioning
Scenarios
Growth
Pipeline
Growth
Strategy
Growth
Implementation
GIL
Events
How We Work With Clients
Our Client Engagement Model: Driving Transformational Growth for our Clients
Where can I start?
Schedule a GSD with our
Growth Consultants
Take the “Next Step!”
Contact Us:
Discuss your specific needs, challenges or opportunities in the with our Transformational Health Team.
Growth Strategy Dialog:
Schedule a Growth Strategy Dialog with our Global Transformational Health Team to discuss your strategic growth
development, learn from the companies performing best practices and discover growth opportunities impacting your
company
Contact us or call 1(800) GO Frost.
Survive and Thrive in an Unpredictable Future:
Our Growth Partnership program integrates everything we do into a continuous and renewable flow of research,
vision, strategy, implementation and learning that will help your company develop actionable transformational growth
strategies that allow you to survive and thrive in an unpredictable future. Click here to learn more.
Gain a Competitive Edge and Improve Your ROI:
Integrate our Growth Consulting team into your growth pipeline projects, using our proprietary tools and expertise
support clients through all five phases of the growth cycle: From developing a pipeline of growth opportunities to
evaluating and prioritizing those opportunities to formulating and implementing go-to-market strategies to ongoing
monitoring. Click here to learn more.
Industry ConvergenceComprehensive Industry Coverage Sparks Innovation Opportunities
Automotive&
Transportation
Aerospace & Defense Measurement &
Instrumentation
Information &
Communication Technologies
HealthcareEnvironment & Building
Technologies
Energy & Power
Systems
Chemicals, Materials
& Food
Electronics &
Security
Industrial Automation
& Process Control
Automotive
Transportation & Logistics
Consumer
Technologies
Minerals & Mining