Healthcare lags behind most other industries in recognizing and reporting phishing attacks, new research shows. Healthcare providers are much less resilient to phishing emails than organizations in other verticals, and the industry's high turnover rate might have something to do with it.
A Cofense report based on shared US client data indicates that the US healthcare industry has improved its resilience rate – the ratio of users who report a phishing attack to those who fall for one – from 1.05 in 2015 to 1.49 in 2018. Despite this improvement, healthcare still falls behind other industries, such as Energy (4.01), Financial (2.52) and Legal (2.50).
The susceptibility percentage across all industries averages 11.9%, while the resilience rate sits at 1.79. For the healthcare industry, the susceptibility percentage is an alarming 12.4%.
Phishing scams are the most popular attack vector for bad actors, especially for ransomware operators. Perhaps not surprisingly, the healthcare sector has been heavily battered by ransomware in the last year, with dozens of reported attacks in the past few months alone. In the United States, healthcare organizations suffered a substantial increase in hacking in the second quarter of 2018. And, for the eighth year in a row, healthcare organizations have incurred higher costs than any other sector from data breaches. At an average of $408 per lost or stolen record, costs associated with data breaches in healthcare are nearly three times higher than in other industries.
The report highlights a potential key factor behind this sad state of affairs: churn rate. Doctors, nurses and administrative staff change positions regularly, making it hard to gain traction in the fight against cyber-attacks. High turnover, the researchers believe, could be an important influence on the US healthcare industry and, implicitly, on its resilience rate.
In an upcoming whitepaper, Bitdefender highlights that healthcare has the highest “abnormal” churn rate of all industries (6.7%), followed by Finance (6.1%) and Pharmaceuticals (5.5%). Organizations that lose less than 1 percent of their existing customers incur an average total damage of $2.7 million. However, for companies experiencing a churn rate greater than 4 percent, experts project an average cost of $4.9 million.
Healthcare organizations are also among the slowest to contain a breach, at 103 days. Failure to swiftly identify a data breach leads to higher costs. In 2017, the average total cost was $2.8 million when a breach took less than 100 days to identify, and $3.83 million when it took more than 100 days.