Few industries today are faced with as many cyber security threats as the healthcare sector. Patient data is among the most sensitive information in the digital ecosystem, and cyber criminals are often looking to leverage these resources for profit.
As a result, healthcare institutions are frequent targets for attack. Indeed, according to a survey conducted early in 2018 by HIMSS, a non-profit global advisory organization supporting the transformation of health through the application of information and technology, most healthcare organizations had experienced a significant security incident in the previous 12 months.
HIMSS surveyed 239 healthcare executives and cyber security experts between December 2017 and January 2018 and found that three quarters had experienced a recent significant security incident, according to an article posted by HIPAA Journal in March 2018.
Of those that experienced an incident, 96% were able to characterize the threat actor responsible for the attacks, with the top three being online scam artists such as phishers (38%), negligent insiders (21%), and hackers (20%).
More than 60% of the respondents said email was the main initial point of compromise in the attacks. In second place were “other” avenues of attack, including compromised customer networks, Web application attacks, guessed passwords, misconfigured software/cloud services, and human error.
Another 12% said they did not know how the attackers gained access to their networks or data. In most of the cases (68%), incidents were discovered internally (41% by security teams and 28% by non-security personnel).
The HIMSS research indicated that the severity of data breaches in the industry was reduced compared with the year before, which indicates cyber security in healthcare is improving. A majority of the survey respondents (84%) said more resources were being used to address cyber security, with a mere 3% saying resources had decreased year over year. And most of the organizations now employ a senior information security leader.
More than half (56%) said a dedicated or defined amount of the current budget was allocated for cyber security, while about one quarter said there was no specific budget for cyber security but money was being spent as needed or could be requested.
Despite the positive developments, there’s still plenty of room for further cyber security improvement in the industry, according to HIMSS. The organization says that, compared with other industries, healthcare cyber security programs lack maturity, and that security programs have typically been running for only five or fewer years.
The need for stronger security in the sector was also brought home in a June 2018 report from cyber security advisory firm Coalfire. In a study noting that mid-sized businesses are benefitting from a security sweet spot that has allowed them to outperform their larger competitors, the firm said healthcare had the worst external security posture of the industries studied.
Meanwhile, the industry continues to be plagued by security threats. According to a March 2018 article in CSO, healthcare organizations tend to have a number of different systems that are not patched regularly, and the critical nature of what healthcare organizations do puts them on the radar of attackers.
The article described the five biggest healthcare security threats for 2018:
A former business journalist, Razvan is passionate about supporting SMEs in building communities and exchanging knowledge on entrepreneurship. He enjoys taking innovative approaches to hot topics and thinks that the massive amount of information that attacks us on a daily basis via TV and internet makes us less informed than we think. The lack of relevance is the main issue in today's environment, so he plans to emphasize real news on Bitdefender blogs.