Cyberattacks on Healthcare Institutions Continue to Increase, Survey Finds

June 17, 2019
A silver lining is that industry awareness has never been higher, researchers pointed out

More than eight in ten (83 percent) healthcare organizations have acknowledged they have seen an increase in cyberattacks over the past year, with about two-thirds noting that these attacks have become more sophisticated, according to a new survey.

The research from cybersecurity company Carbon Black included responses from 20 healthcare CISOs (chief information security officers) and one of the core takeaways was that “with increased adoption of medical and IoT devices, the surface area for healthcare attacks is becoming even larger. The problem has been further compounded by limited cybersecurity staffing and stagnant cybersecurity budgets in the industry.”

However, researchers also noted that the awareness of healthcare’s cybersecurity problem has never been higher. “While the industry has traditionally lagged when compared with, say, finance or retail, the healthcare ransomware attacks of 2017 (and the many others to follow) served as a clarion call that too many cyber-attackers do not adhere to the principle of ‘do no harm.’”

Other key findings from the report include:

  • Last year, Carbon Black’s healthcare customers saw an average of 8.2 attempted cyberattacks per endpoint each month, according to Carbon Black’s data.
  • Nearly half (45 percent) of surveyed healthcare organizations said they’ve encountered attacks where the primary motivation was destruction of data over the past year.
  • Two-thirds (66 percent) of surveyed healthcare organizations said their organization was targeted by a ransomware attack during the past year.
  • When asked, “What is the biggest concern to your organization?” the top answers in the survey were: compliance (33 percent); budget and resource restrictions (22 percent); loss of patient data (16 percent); vulnerable devices (16 percent); and inability to access patient data (13 percent).
  • 84 percent of surveyed healthcare organizations said they train their employees on cybersecurity best practices at least once per year. Nearly half (45 percent) said they conduct training multiple times per year for employees.
  • When asked to self-grade their organization’s cybersecurity posture, the top three answers were: C (33 percent), B (25 percent) and B- (16 percent).

The report’s authors concluded. “Regular education of employees, greater awareness of modern threats and the prospect of building out larger threat hunting teams can all go a long way in helping to curb attacks. As we’ve learned from this survey of some of the world’s leading healthcare CISOs, it does not appear that the volume and frequency of attacks will be abating anytime soon.”

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?