Healthcare Organizations Unprepared for Increasing Cyberattacks: Report

Healthcare organizations continue to be a major target for cybercriminals as 81 percent of healthcare executives report that their organizations have been hit by at least one malware, botnet or other cyberattack over the past two years, according to the 2015 KPMG Healthcare Cybersecurity Survey.

While organizations in the healthcare sector increasingly see these malicious attacks – 13 percent reporting to be targeted by external hack attempts about once a day – less than half feel like they are adequately prepared in preventing them. The report, which surveyed 223 CIOs, CTOs, CSOs and chief compliance officers at health care providers, found that 16 percent of organizations have no way to detect in real-time if their systems are under attack.

A report this year by Ponemon echoed these results, finding that 90 percent of healthcare organizations had a data breach and 40 percent had over five incidents in the last two years, resulting in a $6 billion loss to the industry.

With the rise in cyberattacks against healthcare organizations comes an interest from venture capital firms in investing in the solutions that help these organizations keep patient data safe through managed infrastructure, compliance and other solutions. Earlier this year, ClearDATA closed $25 million in funding to maximize growth in the health cloud sector.

“The vulnerability of patient data at the nation’s health plans and approximately 5,000 hospitals is on the rise and health care executives are struggling to safeguard patient records,” said Michael Ebert, leader in KPMG’s Healthcare & Life Sciences Cyber Practice said in a statement. “Patient records are far more valuable than credit card information for people who plan to commit fraud, since the personal information cannot be easily changed. A key goal for execs is to advance their institutions’ protection to create hurdles for hackers.”

Sixty-six percent of executives at health plans report to be well-prepared in the event of a cyberattack, while only 53 percent of providers report the same. Healthcare organizations with more revenue are better equipped than smaller ones to deal with cyberattacks, which could present an opportunity to managed security providers focused on smaller organizations and healthcare compliance.

The majority of survey respondents (65 percent) report that external attackers are their greatest security vulnerability, sharing data with third parties (48 percent) and employee breaches (35 percent) rounded out the top three concerns.

According to the KPMG survey, the areas with the greatest vulnerabilities within an organization include external attackers (65 percent), sharing data with third parties (48 percent), employee breaches (35 percent), wireless computing (35 percent) and inadequate firewalls (27 percent).

Malware is the most frequently reported line of attack during the past 12 to 14 months, according to 65 percent of survey respondents. Botnets and internal attack vectors (such as employees compromising security) were cited by 26 percent of respondents.