The healthcare industry is among the most affected by security incidents, and new research shows that two-thirds of all healthcare organizations in the world have suffered a cyberattack of some form.
The value of patient data is a key driver behind hackers’ attempts to compromise healthcare systems. They seek to either steal precious data or wield ransomware to block access to crucial systems, ramping up pressure on health care providers when they’re trying to take care of patients.
A study covering 2,391 IT and IT security practitioners from the United States, the United Kingdom, Germany, Austria, Switzerland, Benelux and Scandinavia found that a worrying number of organizations in this field have been targeted over the years, much more than we might suspect.
"Electronic health records are some of the most lucrative documents on the dark web, so it's not surprising that the healthcare industry is highly-targeted by cybercriminals," said Darren Guccione, CEO and Co-Founder of Keeper.
"While the majority of healthcare organizations have already experienced a cyberattack, this research shows the industry still doesn't have the necessary resources and budget allocated to preventing and responding to major data breaches,” he said. “Patients depend on providers to protect their sensitive health information and moreover, their lives via connected medical devices. Therefore, it's critical that cybersecurity become a top priority in healthcare."
Data breaches, which were among the major types of incidents, averaged 7,202 patient and employee records lost or stolen per incident, with a hefty price tag of $1.8 million per breach. Of course, the costs of a security incident include more than just stolen data; it's also about disruptions incurred to the target organization.
Not surprisingly, the biggest problem is phishing (68%), which is also a carrier for other types of security issues, including the deployment of malware (41%). The study also revealed that 40% of the attacks came from other types of web-based vectors.
The greatest concern identified by the research was that 90% of healthcare organizations dedicate less than 20% of their IT budget to cybersecurity, with an average allocation of 13%. Furthermore, 87% of the IT professionals say they have too little staff for a correct cyber response.