A balancing act: Fixing the security-vs-cost tightrope
Despite a slight decrease in the average cost of data breach recovery (around $9.77 million) in 2024, the healthcare industry remains the costliest sector for cyber-attacks. It’s an infamous ranking that healthcare has held since 2011 and is likely to hold for a while. The finance sector comes in a distant second at $6.1 million per data security breach.[1]

The reasons are well known, of course. Healthcare has high-value data that bad actors seek, including sensitive patient information and medical records. Furthering the problem (or opportunity for criminals) is the inherently high number of security considerations and regulations that come with healthcare. A mishmash of new and old technologies isn’t helping, either. Outdated software and human error both operate within a complex IT infrastructure that serves to crack open more doors for breaches.
Something’s got to give
In a perfect world, increasing efficiencies in technology would not only improve security but mitigate some of the rising costs for it. But this isn’t a perfect world. Healthcare technology isn’t creating new efficiencies, much less providing any such balance between better security and costs.
So, the question for health tech users becomes, is there a breaking point? As technology costs continue to rise while the level of security effectively declines, will they pay the price or throw their hands in the air and give up altogether?
Inside the design and development rooms at MediSprout, we see this imbalance and we’re working to bring it in line.
How we view the challenge of data security
From a development perspective, adding security to something old and inherently insecure is more expensive than designing and developing with security already in place. So we develop our platform from the get-go with known security principles. But because we know that new threats will arise, we leave considerable room for plug-in mitigations. Security patches, plugins, and updates are seamless because we’ve planned for them.
An ounce of prevention…
While often futile, a contingency plan in case of a breach is important. An even better strategy is to use software that limits access to sensitive information by unauthorized users in the first place. Sounds obvious, I know. But it’s an especially important point in data security.
How do we do that? Without getting too technical, limiting unauthorized access and mitigating threats to data can be achieved by applying several layers of restrictions to a journey that’s complicated (for bad actors) by calculated separation between data models. Put another way, we make the pathway virtually impossible to navigate if you aren’t supposed to be there.
Beyond HIPAA compliance
In healthcare, data security shouldn’t just be about preventing unauthorized access. At MediSprout (we can’t speak for the whole industry, unfortunately), data security considerations extend to authorized guests. That is, helping therapists and patients to securely deliver data to the right people at the right time. In a new era of patient-centric care, secure data sharing is critical, and it’s vital for the stronger patient/therapist alliances that fuel that centricity.
A delay in care due to a slow turnaround of a patient’s records, for example, is symptomatic of antiquated technology, and, too often, “status-quo” design thinking. That’s another industry-wide technology problem (or attitude) we’re trying to reverse. It doesn’t have to be that way. Resiliency and secure accessibility are designed and built into our infrastructure right from the start. And it goes beyond records sharing. From visit schedules to video calls to therapist notes, virtually all applications require the secret handshake.
Third-party validation
Highly secure healthcare technology carries a lot of value for patients and therapists. Maintaining that value and instilling a layer of integrity are vital. Our diligence in that effort drives even more peace of mind for everybody on the platform. To that end, we review and validate our security and compliance technology and processes weekly with third-party specialists. Independent consultants also help us stay up to date on revised standards, new trends, and the latest threats.
Striking a balance
The security-versus-cost imbalance is one of the many aspects of broken healthcare technology that we’re committed to fixing. We’re confident that our solutions for a higher level of security haven’t significantly impacted the costs of our system for users.
As our marketing team likes to say, “It’s security without compromise.” Our design and dev teams work to hit that sweet spot every day.
Juan Pereyra is the technical director at MediSprout.