News | Cybersecurity | October 31, 2016

Healthcare Industry Lacking in Basic Cybersecurity Awareness Among Staff

New healthcare cybersecurity report exposes risk of attacks through social engineering, highlights vulnerability of industry

cybersecurity, healthcare industry, SecurityScorecard report, social engineering, cyberattacks

October 31, 2016 — SecurityScorecard, a security rating and continuous risk monitoring platform, released its 2016 Healthcare Industry Cybersecurity Report in October. The report is a comprehensive analysis exposing alarming cybersecurity vulnerabilities across 700 healthcare organizations including medical treatment facilities, health insurance agencies and healthcare manufacturing companies. Security breaches in this industry pose devastating consequences, according to the company, because they can render an entire system or network inoperable, creating a life or death situation that needs immediate attention.

Among all industries, healthcare ranks 15th out of 18 in Social Engineering, suggesting a security awareness problem among healthcare professionals, putting millions of patients at risk.  The Verizon Data Breach Report ranks Social Engineering as the third most common cause for breaches, a number that is rising at the same rate as Hacking and Malware.

"The low Social Engineering scores among a multitude of healthcare organizations show that security awareness and employee training are likely not sufficient," said Alex Heid, chief research officer at SecurityScorecard. "Security is only as strong as the weakest link, and employees are often the lowest-hanging fruit when it comes to phishing, spear phishing and other social engineering attacks. For a hacker, it only takes one piece of information such as learning the email structure of an organization to exploit an employee into divulging sensitive information or providing an access point into that organization's network."

Another risk is the array of devices with wireless capabilities such as Internet of Things (IoT) devices, wireless medical devices and tablets, which have paved the way for medical advances benefiting hospitals and patients. However, their speedy delivery and implementation has resulted in subpar security setups.

"As long as these IoT devices are manufactured with poor security standards, the vulnerability doesn't only lie within the devices themselves, but they also pose a risk to any hospital, treatment center or individual using the device. If a connected device is hacked into, the device can be forced to malfunction or it can be used as a pathway to reach an organization's primary network," continued Heid.

Among the report's key findings are:

  • Over 75 percent of the entire healthcare industry has been infected with malware over the last year;
  • Ninety-six percent of all ransomware targeted medical treatment centers;
  • Healthcare manufacturing nearly reaches a 90 percent malware infection rate;
  • Sixty-three percent of the 27 biggest U.S. hospitals have a C or lower in Patching Cadence, which measures an organization's ability to implement security software patches in a timely fashion;
  • Healthcare has the fifth highest count of ransomware among all industries;
  • Over 50 percent of the healthcare industry has a Network Security score of a C or lower; and
  • Past-breached healthcare companies still have 242 percent as many low scores in Social Engineering compared to non-breached companies

Ransomware and breaches are affecting the healthcare industry at an increasingly alarming rate, according to the report, with 22 major public breaches occurring since August 2015. Earlier this year, Hollywood Presbyterian Medical Center paid $17,000 as a result of ransomware after losing access to patient records for 10 days. In March 2016, 21st Century Oncology struggling with DNS Health, Network Security and Patching Cadence suffered a data breach that led to a loss of 2.2M patient records and a $57M class-action lawsuit. Overall, breached healthcare companies still struggle with security post-breach, according to the report.

 

Related Healthcare Cybersecurity Content:

Raising the Bar for Medical Device Cyber Security

Market Report Calls Into Question St. Jude Medical EP Device Safety, Cybersecurity

FDA Harshly Criticizes Abbott, St. Jude For Failure to Address EP Device Safety

Healthcare 2015 Data Breaches - Why the Cloud Is Not Responsible

HIMSS: Two-Thirds of Healthcare Organizations Experienced a Recent, Significant Security Incident

How You Should – and Should Not – Be Sharing Medical Information With Patients

How Can Doctors Practice Better Security?

 

For more information: www.securityscorecard.com

Related Content

AMA survey finds economic, patient-care impact of Change Healthcare cyber-attack ongoing
News | Cybersecurity
Life After Change Cyber-attack: Without Payment for Claims, Physicians Struggle to Keep Practices Afloat

April 10, 2024 — The American Medical Association (AMA) released informal survey findings (PDF) showing the ongoing ...

Home April 10, 2024
Home
In a new letter sent to federal officials on March 12, the American Medical Association (AMA) has presented six relief proposals to support physicians impacted by Change Healthcare hack, and praised the creation of the Change Healthcare/Optum Payment Disruption (CHOPD) Accelerated Payments.
News | Cybersecurity
AMA Presents Relief Proposals to Federal Officials to Support Physicians Impacted by Change Healthcare Hack

March 14, 2024 — The American Medical Association (AMA) has issued a new letter to federal officials in which it praised ...

Home March 14, 2024
Home
An AMA letter sent to Secretary Bacerra outlines ongoing concerns of physicians amidst the cybersecurity incident that has impacted Change Healthcare
News | Cybersecurity
As Cyberattack Jeopardizes Physician Practices, AMA Demands Action

March 6, 2024 — As the cyber-takedown of Change Healthcare has forced medical practices to go without revenue for a ...

Home March 06, 2024
Home
Videos | Cybersecurity
VIDEO: A Look at Cybersecurity and How Healthcare is at Risk

This year at HIMSS, the theme is Health That Connects + Tech That Cares, and cybersecurity is indeed a part of this ...

Home April 21, 2023
Home
The survey reflects the opinions of healthcare cybersecurity professionals that are responsible for either day-to-day operations or oversight of healthcare cybersecurity programs
News | Cybersecurity | By Melinda Taschetta-Millane
2022 HIMSS Healthcare Cybersecurity Survey Report Results Published

April 10, 2023 — The 2022 HIMSS Healthcare Cybersecurity Survey results were recently published. The survey reflects the ...

Home April 10, 2023
Home
New Report Reveals Vulnerabilities of Internet of Things-enabled Healthcare Devices
News | Cybersecurity
New Report Reveals Vulnerabilities of Internet of Things-enabled Healthcare Devices

August 29, 2019 — Use of the Internet of Things (IoT) is booming, with IHS Markit forecasting there will be 73 billion ...

Home August 29, 2019
Home
New Report Examines Hospital Cybersecurity Challenges in Georgia
News | Cybersecurity
New Report Examines Hospital Cybersecurity Challenges in Georgia

August 20, 2019 — Healthcare data breaches are currently being reported at a rate of more than one a day, according to a ...

Home August 20, 2019
Home
According to the National Association of County and City Health Officials, only 33 percent of the organizations plan against cybersecurity threats and initiate patient identity protection protocols.
Feature | Cybersecurity | Maxim Chernyak
How to Protect Health Data With Security Testing Automation

As the National Association of County and City Health Officials state, healthcare breaches remained to be costly and ...

Home May 06, 2019
Home
Videos | Cybersecurity
VIDEO: Preventing Medical Imaging Cyberattacks

Anton S. Becker, M.D., radiology resident at the University Hospital of Zurich, Switzerland, discusses the long-term ...

Home December 12, 2018
Home
FDA and DHS Expand Partnership on Medical Device Cybersecurity
News | Cybersecurity
FDA and DHS Expand Partnership on Medical Device Cybersecurity

October 30. 2018 — The U.S. Food and Drug Administration (FDA) and the U.S. Department of Homeland Security (DHS) will ...

Home October 30, 2018
Home
© Copyright Wainscot Media. All Rights Reserved.
Subscribe Now