The healthcare sector has to store increasing quantities of personally identifiable and sensitive information, making it one of the most attractive targets for data theft. However, according to EY’s Global Information Security Survey 2018-2019, the sector’s awareness of cyber risks is growing, and many organizations are determined to put stronger protections in place.
“Progress has been made, but more work is necessary,” the study’s authors say. “The healthcare sector has seen a number of cybersecurity incidents and alerts in recent months. In one incident, the health records of almost 100 million patients worldwide were put at risk by security bugs found in one of the world’s most widely used patient and practice management systems. In another, information such as the full names, dates of birth, insurance information, disability status, and home addresses of 2 million patients in Central America were exposed by a security failure.”
“Healthcare data is extremely valuable on the dark web, which makes healthcare organizations attractive to attackers. One in 3 US healthcare organizations have suffered a cyberattack, and 1 in 10 have paid a ransom.”
Half of organizations in the healthcare sector and the government and public sector say they have increased spending on cybersecurity over the past 12 months, while 66% plan to spend more over the next 12 months.
One in six companies in healthcare says that customers’ personal and identifiable information is most valuable to cyber criminals, while 25% say malware has most increased their risk exposure.
Careless or unaware employees are seen by healthcare companies as the vulnerability that has most increased their risk exposure over the past 12 months (cited by 33%).
Only 18% of healthcare companies are very confident that they would detect a sophisticated attack on their organization.
“Importantly, more organizations are now beginning to recognize the broad nature of the threat,” says Richard Watson, EY Asia-Pacific Cybersecurity Leader. “One thing that has changed for the better over the past 12 months, partly because of some of those big cyber attacks we’ve seen at a global level, is a growing realization that security is also about maintaining the continuity of business operations — and not only about the security of data and privacy.”
The survey, conducted in 2018, captures the responses of over 1,400 C-suite leaders and information security and IT executives and managers, representing many of the world’s largest and most recognized global organizations.