By Katie Wike, contributing writer
The Ponemon Institute reports healthcare organizations battle at least one cyber-attack each month.
A report from the Ponemon Institute finds the average healthcare organization has battled at least one cyber-attack per month over the last year. Fierce Health IT reports 48 percent of organizations surveyed said they had a breach involving loss or exposure of patient information during the same time frame.
“The concurrence of technology advances and delays in technology updates creates a perfect storm for healthcare IT security,” said Stephen Cobb, senior security researcher at ESET, in a news release. “The healthcare sector needs to organize incident response processes at the same level as cyber criminals to properly protect health data relative to current and future threat levels. A good start would be for all organizations to put incident response processes in place, including comprehensive backup and disaster recovery mechanisms. Beyond that, there is clearly a need for effective DDoS and malware protection, strong authentication, encryption and patch management.”
Despite obvious concerns about the security of mobile health, only 27 percent of respondents said their organization includes medical devices in its cybersecurity strategy. Even more startling, only 33 percent of respondents rate their organization's cybersecurity posture as very effective.
According to Government Health IT, the most commonly reported security incidents were web-borne malware attacks (named by 75 percent of respondents), exploits of existing software vulnerabilities less than three months old (70 percent), spear phishing (69 percent), and lost or stolen devices (61 percent).
“Based on our field research, healthcare organizations are struggling to deal with a variety of threats, but they are pessimistic about their ability to mitigate risks, vulnerabilities and attacks,” said Larry Ponemon, chairman and founder of The Ponemon Institute. “As evidenced by the headline-grabbing data breaches over the past few years at large insurers and healthcare systems, hackers are finding the most lucrative information in patient medical records. As a result, there is more pressure than ever for healthcare organizations to refine their cybersecurity strategies.”