U.S. healthcare providers overwhelmingly rank email as the top source of a potential data breach, according to new research from email and data security company Mimecast and conducted by HIMSS Analytics.
The data from the survey revealed that 78 percent of respondents have already experienced an email-related cyberattack in the form of ransomware or malware, or both, in the past 12 months—in many cases with more than a dozen instances. Not surprisingly, based on these findings, 87 percent expect email-related security threats to increase or significantly increase in the future, researchers said. The study specifically examined perspectives from 76 IT professionals responsible for information security, representing a variety of healthcare provider facilities.
Reflecting on recent high profile attacks, such as WannaCry and Petya, which in some cases shut down entire hospital operations, 83 percent of respondents said that ransomware is the most concerning type of email-related threat, followed by other sophisticated threats in this order: malware, targeted attacks such as spear-phishing, and business email compromise. What’s more, 97 percent of healthcare providers said they have a high level of concern about cybersecurity and resilience.
Further, the vast majority of respondents, 93 percent, rated email as mission critical to their organization—and almost half cannot live with email downtime. Additionally, four out of five respondents said they use email to send protected health information (PHI). But the good news is that these same organizations are working on a variety of initiatives to build their cyber resilience strategy. The top three resilience initiatives are preventing attacks (94 percent), training employees (90 percent), and securing email (77 percent), according to the research.
“This study confirms that no healthcare provider is immune to this growing threat of email-related cyber attacks. While the results show that larger providers are being hit harder, especially with ransomware, these same organizations are also the ones leading the charge in defining industry best practices to address these threats,” Bryan Fiekers, senior director, HIMSS Analytics, said in a statement.