The question that arises when the topic of risk quantification comes up in healthcare is, “How much is it going to cost me?” said Jack Lewin, speaking during the HIMSS Healthcare Security Forum in Boston.
“How do we value the healthcare data we’re trying to protect here?” asked Lewin, founder and principal of consultant Lewin & Associates.
Chief information security officers and other experts taking part in “Cyber Risk Quantification in Healthcare” indicated there is no definitive answer, Healthcare Finance reports.
Hospitals and other healthcare entities are the only organizations able to make multimillion-dollar investments in which no ROI is shown and the benefits are unclear outside of the security team, said Michael Meis, associate chief information security officer for the University of Kansas Health System.
Security is believed to be either secure or not, Meis said.
“Really, it’s a sliding scale,” he said.
One way to measure the cost is to look at values of patient information on the dark web, Meis said. Read more.
