Healthcare Informatics Magazine

Cybersecurity Report: Stakes are High, but Healthcare Orgs Ill-Equipped

March 12, 2018
by Rajiv Leventhal

About 62 percent of healthcare executives admitted to experiencing a cyber attack in the past year, with more than half losing patient data as a result, according to a new survey from Merlin International, a cybersecurity solutions provider for healthcare organizations, in partnership with the Ponemon Institute.

Recognizing that hospitals and payer organizations are facing constant, increasingly destructive cyber attacks, this survey of 627 healthcare organization executives looked to examine the myriad of cybersecurity-related challenges and how organizations are (or are not) addressing them.

Among healthcare providers surveyed, the majority set, manage and/or determine IT priorities, budgets and strategy while working at organizations counting between 100 and 500 patient beds (67 percent) and with an estimated 10,000 to 100,000 network-connected devices (66 percent).

The survey data revealed that organizations are as concerned with external attacks (63 percent) as they are with employee negligence or malicious insiders (64 percent). But what are the bad guys after? When asked, respondents highlighted the top five items: patient medical records (77 percent); patient billing information (56 percent); log-in credentials (54 percent); passwords and other authentication credentials to systems, servers or applications (49 percent); and clinical trial and other research information (45 percent).

What’s more, hackers, who are eager to cause chaos, steal data or hold it for ransom, subject healthcare organizations to all types of attacks. The exploitation of existing software vulnerabilities greater than three months old leads the way at 71 percent, followed closely by Web-borne malware attacks at 69 percent. While the report found many traditional attack types being used, the rise of ransomware, at 37 percent, “should raise alarm as this is a new and lucrative attack vector. Hackers are successfully earning significant income from holding systems and data hostage,” the researchers found.

Another concern is the security of medical devices. Sixty-five percent of those surveyed responded “no” or “unsure” when asked whether the security of medical devices is part of their overall cybersecurity strategy. And though these devices appear to be a new and growing target for attackers, 31 percent have no plans to include them in the near future.

More than half (52 percent) of those surveyed agreed that a lack of employee awareness and training affects their ability to achieve a strong security posture. In addition, 74 percent cited insufficient staffing as the biggest obstacle to maintaining a fully effective security posture. According to responses, only 51 percent of organizations have a dedicated chief information security officer (CISO), and 60 percent of those surveyed don’t think they have the right cybersecurity qualifications in-house. What’s more, only half of the organizations (51 percent) have any type of incident response program at all.

“In an increasingly connected, digitally centric world, hackers have more opportunities and incentive than ever to target healthcare data, and the problem will only increase in scope over time,” Merlin International’s Director of Healthcare Strategy, Brian Wells, said in a statement. “Healthcare organizations must get even more serious about cybersecurity to protect themselves and their patients from losing access to or control of the proprietary and personal information and systems the industry depends on to provide essential care.”
