Hospitals Transition to New

Approaches to Combat

Cybersecurity Concerns

Research PREVIEW for

US Hospital Cybersecurity Market: 2015-2021

2K00D-48

Key Highlights

Source: Frost & Sullivan

Solutions

The array of products that comprise the hospital cybersecurity market is vast and expanding.

The top six IT security technologies that hospitals are deploying today include anti-

virus/malware, encryption/tokenization, security incident and event management, identity and

access management, web application firewalls, and risk and compliance management. Hospitals

also spend considerable and growing sums on managed and professional services.

Drivers

The top three drivers influencing the hospital cybersecurity market include Increased

healthcare digitization and focus on data interoperability; the dynamic and constantly evolving

cyber threat landscape; and the need to comply with regulatory requirements.

Challenges

In spite of a growing awareness of the problem of increased cyber threats, many healthcare

organizations face considerable challenges as they gear up to do battle with cyber attackers.

Hospitals’ lack of leadership, appropriately trained staff, and adequate financial resources

are critical concerns.

Regulatory

Healthcare providers must comply with HIPAA; following additional security frameworks like

HITRUST or NIST is voluntary. Federal lawmakers are taking an increased interest in

addressing the growing incidence of healthcare data breaches and cyber attacks and

regulatory requirements and scrutiny are expected to increase.

Future Direction

Hospitals are transitioning from a reactive, piecemeal, fragmented approach to protecting privacy

and security that is highly dependent on HIPAA compliance to an approach that is proactive,

holistic, and coordinated, anchored by integrated solutions designed to protect multiple

endpoints (computers and connected medical devices).

3K00D-48

Market Scope and Segmentation

For the purpose of this study, the term “hospital cybersecurity” refers to information security and

cybersecurity solutions sold to all U.S. registered hospitals (N=5,627 as of 2016).*

This study sizes and forecasts the hospital cybersecurity solutions (products and services) market at a

broad level, estimating the total spend by US hospitals for cybersecurity products and services as

defined by Frost & Sullivan for 2015 through 2021.

Limitations – A vast array of solutions span the IT security/ cybersecurity market. The industry has no

consistent way of categorizing market segments for cybersecurity solutions and there is often overlap

between products and services as well as various sub-segments of solution categories. Furthermore,

the IT vendor landscape for the hospital cybersecurity industry is highly fragmented, consisting of

hundreds of large and small companies providing a wide range of products and services. This study

only highlights select vendors in key market segments.

Scope - The scope of this study only encompasses hospitals’ spend on cybersecurity IT solutions as

defined by Frost & Sullivan and does not include related categories such as cybersecurity insurance.

Geographic Coverage United States (US)

Study Period 2015—2021

Base Year 2015

Forecast Period 2016-2021

Monetary Unit US Dollars

Source: Frost & Sullivan*Any institution that can be classified as a hospital according to the requirements may be registered if it so desires. Membership in the

American Hospital Association is not a prerequisite.

5,627 U.S. Hospitals

4K00D-48

What solutions (products and services) comprise the US hospital cybersecurity market? Whoare the key vendors serving this market?

What are the market-shifting macro trends impacting the need for cybersecurity solutions inUS hospitals?

What are the specific drivers and restraints impacting the market for cybersecurity solutionsused in US hospitals over the next 5 to 6 years?

What is the 6-year spend outlook for cybersecurity solutions deployed by US hospitals?

Key Findings

Source: Frost & Sullivan

Key Questions This Study Will Answer

What are the key competitive dynamics that vendors serving the hospital cybersecurity marketneed to understand?

5K00D-48

CEO’s Perspective

Source: Frost & Sullivan

2

Hospitals have traditionally underspent on IT security due to a

poor understanding of the nature and extent of the risk as well as

the relatively new phenomenon of the widespread use of EHRs,

mobile phones and tablets, and connected medical devices.

3

Traditional solutions and approaches to combating cyber threats

don’t work. The industry will inevitably transition to a more

coordinated approach and deployment of new types of integrated

solutions that focus on securing computer endpoints.

4

A variety of vendors are flooding the healthcare cybersecurity

market. Many buyers are confused and naive today. However, as

hospitals change their culture around IT security and gain in

sophistication, vendors will face closer scrutiny and tougher

selling environments.

5

Vendors need to innovate to survive including building or buying

advanced functionality and next generation capabilities as the

market moves from protecting the walled garden to protecting a

vast connected perimeter with numerous vulnerable endpoints.

1

The healthcare industry is struggling to respond to an alarming

increase in the incidence of data breaches over the past few

years. The government has taken notice of the increased threat

environment and is likely to issue new regulatory requirements.

6K00D-48

Hospital Cybersecurity Market: Market Segmentation, US, 2015

*Average percentage of total IT security spend allocated to category

80% Hospital Cybersecurity Spend 20% Hospital Cybersecurity Spend

Hardware

Software

Delivery

Managed

Professional

Network

Security

Endpoint

Security

Data

Security

Perimeter

Security

Application

Security

Hospital Cybersecurity Solutions

Layers of Cybersecurity

Products Services+

Market Segmentation for Hospital Cybersecurity

Source: Frost & Sullivan

7K00D-48

Why Healthcare is Focused on Protecting Data Privacy

and Security

Source: Frost & Sullivan

Protecting data privacy and security is a key focus for healthcare organizations today due to the increased adoption of

EHRs. Potential multi-million dollar fines for violations are just part of the damages organizations can face—fraudulent

medical claims, risks to patient safety, theft of intellectual property, and damage to reputation and future business viability

are also considerable risks.

The digitization of health information has the potential for greatly streamlining

and improving healthcare delivery. However, digitized health information also

increases concerns about the protection of individual privacy and the provision

of adequate data security.

The patient medical record includes some of the most sensitive private

information about people. Data breaches that result in the loss of PHI

contained in paper or medical electronic records are caused by a variety of

factors including unauthorized access (the most common cause), improper

disposal, loss, or theft of portable electronic devices such as laptops, tablets,

flash drives, or mobile phones.

But it’s the increase in cyberattacks targeting healthcare information technology

(IT) systems that is most troubling. In 2015, 98.1% of breached healthcare

records was due to hacking attacks/IT incidents.

Who Can See Your Protected Health

Information?

Data Privacy Versus Data Security

Data Privacy in the healthcare context usually means the right of individuals to limit access to

and control sharing of information about their person; this is also called informational privacy.

Data Security pertains to protective measures and tools for safeguarding information and

information systems.

8K00D-48

Source: Johns (2008) and Frost & Sullivan

Threats to Information Privacy

Threats to Information Integrity

Threats to Information Reliability

• Insider accidental disclosures/errors

• Abuse by insiders of access privileges

• Insider unauthorized access

• Outside intruders

• Insider accidental error

• Insider malicious attack

• Intruder attack

• Software failure

• Strategic attack

• Natural hazards

• Equipment and software failures

• Human error

• Theft, malice, or strategic attack

This is the

big one!

Wetware

The human element of IT

The nature and types of threats to health data and information can be identified in three key categories –

information privacy, integrity, and availability (or reliability)

Threats to the Privacy and Security of Healthcare

Information

9K00D-48

Source: Ponemon (2016), Redspin (2015) and Frost & Sullivan

Recent Data Breaches Targeting US Healthcare Organizations*

*Based on an analysis of HHS data

The Scope of the Problem

98.1% of records

breached in 2015 were

the result of hacking

attacks/IT incidents

Data Breach Average Costs

Healthcare provider = $2.2 M

Business Associate = $1 million

Healthcare Industry Overall = $6.2 B

10K00D-48

Source: Frost & Sullivan

Key Market Dynamics Driving the Focus on Hospital

Cybersecurity

Increased Number of Endpoints Across

Dispersed Care Settings

Constantly Evolving Cyber Threat Landscape

MobilizationIncreased Value of PHI on

Black Market

Rapid Increased in the Digitizationof Health Data and Push to Share

Data (Interoperability)

Connected Medical Devices/Internet of Things

The Growth of Web-Based Applications

New Era of IncreasedRegulations/Regulatory Scrutiny

Hospitals understand that growing concerns about cybersecurity—including the threat of patient harm—ensures increased

enforcement of risk management programs and processes by regulatory bodies, requiring them to spend more time, effort

and money to combat costly and potentially dangerous data breaches and cyber attacks.

11K00B-48

Contents

Section

Executive Summary

Market Background

Overview of Health Information Privacy and Security

The Healthcare Cybersecurity Landscape

Hospital Cybersecurity Market—Drivers, Restraints, and Trends

Hospital Cybersecurity Market—Spending Forecast and Trends

Competitive Environment

Growth Opportunities

Future Perspectives

Appendix and List of Exhibits

12K00B-48

List of Exhibits

Exhibit

US Hospital Cybersecurity Market: Frost & Sullivan Research Methodology, 2016

Hospital Cybersecurity: Market Engineering Measurements, US, 2015

Hospital Cybersecurity: Estimated Percentage of Total IT Spend for Products Versus Services, US, 2015

Hospital Cybersecurity Market: Estimated Penetration of Solutions, US, 2015

Hospital Cybersecurity Market: Market Segmentation, US, 2015

Hospital Cybersecurity Market: Distribution Structure, US, 2016

Hospital Cybersecurity Market: Top Security Threats for Healthcare Organizations, US, 2016

Hospital Cybersecurity Market: Top Types of Security Incidents for Healthcare Organizations, US, 2016

Hospital Cybersecurity Market: Top Ten Security Technologies and Services Seen as Most Effective in Achieving Security

Objectives by Healthcare Organizations, US, 2016

Hospital Cybersecurity Market: Challenges Impacting Healthcare Organizations’ Cybersecurity Mitigation, US, 2016

Hospital Cybersecurity Market: Key Drivers, US, 2016–2021

Hospital Cybersecurity Market: Key Restraints, US, 2016–2021

13K00B-48

List of Exhibits

Exhibit

Hospital Cybersecurity Solutions Market: Total Spend Forecast, US, 2015–2021

Hospital Cybersecurity Market: Percent Spend Forecast by Segment, US, 2015–2021

Hospital Cybersecurity Market: Total Spend Forecast by Segment, US, 2015–2021

Hospital Cybersecurity Market: Products Segment Spend Forecast, US, 2015–2021

Hospital Cybersecurity Market: Products Segment Spend Forecast and Percentage of Total Market Spend, US, 2015 and

2021

Hospital Cybersecurity Market: Services Segment Spend Forecast, US, 2015–2021

Hospital Cybersecurity Market: Services Segment Spend Forecast and Percentage of Total Market Spend, US, 2015 and

2021

Hospital Cybersecurity Market: Penetration Analysis for Product Segment, US, 2015

Hospital Cybersecurity Market: Penetration Analysis for Services Segment, US, 2015

Hospital Cybersecurity Market: Numbers and Types of Vendors, US, 2016

Hospital Cybersecurity Market: Select Market Participants by Tiers of Competition, US, 2016

Hospital Cybersecurity Market: Vendor Competitive Differentiators, US, 2016

Hospital Cybersecurity Market: Key Customer Metrics, US, 2016

14K00B-48

List of Exhibits

Exhibit

Hospital Cybersecurity Market: Distribution and Sales Metrics, US, 2016

Hospital Cybersecurity Market: Pricing and Business Model Trends, US, 2016

Hospital Cybersecurity Market: Important Growth Metrics, US, 2016

Hospital Cybersecurity Market: Technology Roadmap, US, 2014 through 2020 and Beyond

Hospital Cybersecurity Market: Select Industry Terms, US, 2016

Interested in Full Access? Connect With Us

Jaylon BrinkleyCorporate Communications Associate

(210) 247-2481

jaylon.brinkley@frost.com

Research Authors

Lead Analyst:

Nancy Fabozzi

Research Director:

Daniel Ruppar Facebook

https://www.facebook.com/FrostandSullivan

LinkedIn Grouphttps://www.linkedin.com/company/frost-&-sullivan

SlideSharehttp://www.slideshare.net/FrostandSullivan

Twitterhttps://twitter.com/Frost_Sullivan

Frost & Sullivan Eventshttp://bit.ly/MvPRbQ

GIL Communityhttp://ww2.frost.com/gil-community

Private

Briefings

Growth

Workshop

Growth

Implementation

Solutions

Growth

Strategy

Dialog (GSD)

Growth Partnership Service Growth Consulting

Where are we?

Market Analysis

Fact Foundation

What might the

future bring?

Macro to Micro

Generation,

Evaluation &

Prioritization of

Opportunities

How do we

get there?

Best practices

implementation

Growth

Environment

Visioning

Scenarios

Growth

Pipeline

Growth

Strategy

Growth

Implementation

GIL

Events

How We Work With Clients

Our Client Engagement Model: Driving Transformational Growth for our Clients

Where can I start?

Schedule a GSD with our

Growth Consultants

Take the “Next Step!”

Contact Us:

Discuss your specific needs, challenges or opportunities in the with our Transformational Health Team.

Growth Strategy Dialog:

Schedule a Growth Strategy Dialog with our Global Transformational Health Team to discuss your strategic growth

development, learn from the companies performing best practices and discover growth opportunities impacting your

company

Contact us or call 1(800) GO Frost.

Survive and Thrive in an Unpredictable Future:

Our Growth Partnership program integrates everything we do into a continuous and renewable flow of research,

vision, strategy, implementation and learning that will help your company develop actionable transformational growth

strategies that allow you to survive and thrive in an unpredictable future. Click here to learn more.

Gain a Competitive Edge and Improve Your ROI:

Integrate our Growth Consulting team into your growth pipeline projects, using our proprietary tools and expertise

support clients through all five phases of the growth cycle: From developing a pipeline of growth opportunities to

evaluating and prioritizing those opportunities to formulating and implementing go-to-market strategies to ongoing

monitoring. Click here to learn more.

Global Perspective40+ Offices Monitoring for Opportunities and Challenges

Industry ConvergenceComprehensive Industry Coverage Sparks Innovation Opportunities

Automotive&

Transportation

Aerospace & Defense Measurement &

Instrumentation

Information &

Communication Technologies

HealthcareEnvironment & Building

Technologies

Energy & Power

Systems

Chemicals, Materials

& Food

Electronics &

Security

Industrial Automation

& Process Control

Automotive

Transportation & Logistics

Consumer

Technologies

Minerals & Mining