Report: Healthcare cyberattacks occur almost monthly
Healthcare organizations face about one cyberattack per month and are still struggling to find effective strategies to keep systems secure, according to new research from the Ponemon Institute.
In a poll of 535 healthcare IT and IT security practitioners, 48 percent said their organization had a breach involving loss or exposure of patient information in the past year. They cited some of their biggest threats as system failures, unsecured medical devices, identity thieves and unsecured mobile devices.
Despite widespread publicity about insecure medical devices, however, only 27 percent of respondents said their organization includes medical devices in its cybersecurity strategy.
Other findings from the report include:
- Exploits of existing software vulnerabilities and Web-borne malware attacks are the most common security incidents.
- On average, organizations have an advanced persistent threat (APT) incident every three months, yet only 26 percent said their organizations have systems and controls in place to detect and stop them.
- Sixty-three percent of respondents said the primary consequences of APTs and zero-day attacks were IT downtime, followed by the inability to provide services. Forty-four percent said these incidents resulted in the theft of personal information.
- Only 33 percent of respondents rate their organizations' cybersecurity posture as very effective.
The organizations surveyed on average spend 12 percent of their IT budgets on information security, compared with the 3 percent to 6 percent cited in recent research from HIMSS Analytics and Symantec Corp. That study found healthcare organizations are struggling with lack of resources to secure their systems and data.
Another recent healthcare security report, by Baltimore-based Independent Security Evaluators, concluded that lack of cybersecurity preparedness increasingly puts patients in danger.
To learn more:
- download the report (registration required)
Resource constraints hamper hospital cybersecurity efforts
An industry in turmoil: Poor cyberthreat prep puts patients in danger
Employee education vital in defense against ransomware
HHS OCR maps HIPAA Security Rule to NIST Cybersecurity Framework