Cybercrime has been found to be the leading cause of data breaches within the healthcare industry for the second year in a row, according to the Ponemon Institutes’ Six Annual Benchmark Study on Privacy & Security on Healthcare Data.
This report found that over fifty percent of surveyed health providers deem cybercriminal attacks as the leading cause of data breaches experienced in the past two years. The second most common cause is due in part to an error by a third-party vendor (41%).
Even worse, Ponemon found over 89% of those surveyed experience a data breach over the last 2 years, 79% suffered a minimum of two breaches, and 45% admitted to experiencing over 5 data breaches in the last 24 months.
And the cost to clean up the mess left after a data breaches is still staggering, with providers paying an average of $2.2 million, and $6.2 billion as an industry.
Employee negligence made the top of the list as the most commonly cited security concern at 69%, followed by cyber-attacks at 45%.
Distributed Denial of Services (DDoS) attacks are of the highest concern among healthcare providers (48%), with ransomware (44%) and malware (41%) falling closely behind.
This survey also found that the large majority of healthcare organizations feel their industry is much more vulnerable to data breaches than other industries today. More than half of respondents claim that they have not been vigilant enough in ensuring that third party providers are safely managing their sensitive data, but third party providers feel a bit differently. 54% of third party providers blame healthcare employees themselves for their negligence in dealing with patient information.
Among the information most often compromised were medical files (64%) and billing and insurance information (45%).
This not so shocking report states what IT Security providers have been saying for years, and further instills that the healthcare industry is still, somehow, not taking protecting sensitive information as seriously as they should be.
If this report has taught us anything, it’s that the healthcare industry needs to reposition its defenses and implement best in class breach prevention and detection solutions to ward off cyber-criminals and protect the medical credentials of its consumers. Having solutions in an organization's IT environment that can detect the presence of malware and ensure hardening measures and user access controls are being enforced will help better protect the sensitive data that make up the healthcare sector.
Any drift from configuration or breach activity needs to be alerted in real time, and with solutions with Breach Detection and File Integrity Monitoring, your organization will be able to monitor any activity within sensitive files and alert you if and why a breach occurs.
Each time access is provided to healthcare data, the potential for loss of privacy & integrity increases. With that being said, healthcare organizations need to embrace state-of-the-art data security solutions and meet security & compliance requirements so avoid being the next victim of a large-scale attack.
Read this article on SCMagazine