More than one-in-four (27 percent) North America-based health IT employees admit that their employer has experienced a ransomware cybersecurity attack within the past year, according to cybersecurity company Kaspersky Lab’s latest report, “Cyber Pulse: The State of Cybersecurity in Healthcare.”
Employees of healthcare organizations in the U.S. and Canada, who admit their awareness of a ransomware cybersecurity attack, also claim that it wasn’t a one-time occurrence—with a third (33 percent) claiming it happened more than once.
The findings from the report—which include responses from nearly 1,800 employees based in healthcare organizations, in a variety of roles, ranging from doctors and surgeons, to admin and IT staff—“uncover a continuous pattern of ransomware cybersecurity attacks plaguing organizations in the healthcare industry, while also providing insight on employee perceptions and behaviors related to cybersecurity in the workplace,” according to the authors.
Data breaches heavily targeting healthcare organizations, such as WannaCry, have brought attention to the vulnerabilities that exist in the industry, making healthcare organizations an even bigger target for cybercriminals. There have been more than 100 hacking/IT-related healthcare organization incidents affecting 500 or more individuals in the U.S. alone this year, according to the U.S. Department of Health and Human Services (HHS).
Of those healthcare employees aware of a cyberattack occurring, 85 percent of Canadians and 78 percent of Americans claim to have experienced up to five ransomware cybersecurity attacks in the past five years or more. “The research shows that the industry is not learning from its mistakes and continues to suffer. Even though the healthcare industry has its cybersecurity challenges and has lost many battles to cybercriminals, healthcare employees do care about the protection of the organization,” the report’s authors stated.
The top reason healthcare employees care about having cybersecurity measures in place at their organization is to protect patients (71 percent), according to the survey. In addition, three out of five people (60 percent) claim they care because they want to protect people and organizations they work with, and nearly a third of respondents (31 percent) say they care because they do not want to lose their job as a result of not having appropriate cybersecurity measures.
What’s more, just over a fifth of respondents (21 percent) said that they don’t think their organization would suffer a data breach in the forthcoming year and 23 percent claim they are confident in the organization’s strategy.