By Christine Kern, contributing writer
Survey shows that patient data is increasingly valuable and vulnerable to hackers.
While 81 percent of health IT leaders responding to a KPMG survey said their systems had been compromised by cyberattacks, only half of providers report that they are adequately prepared for a cyberattack. Malware and botnets were cited as the top lines of attack during the past 12 to 24 months.
According to the 2015 KPMG Healthcare Cybersecurity Survey, the number of attacks is increasing with 13 percent of respondents indicating they are targeted by external hack attempts about once a day. Another 12 percent see about two or more attacks per week and, perhaps more concerning, 16 percent of healthcare organizations said they cannot detect in real-time if their systems are compromised.
“The vulnerability of patient data at the nation’s health plans and approximately 5,000 hospitals is on the rise and healthcare executives are struggling to safeguard patient records,” said Michael Ebert, leader in KPMG’s Healthcare & Life Sciences Cyber Practice. “Patient records are far more valuable than credit card information for people who plan to commit fraud, since the personal information cannot be easily changed. A key goal for execs is to advance their institutions’ protection to create hurdles for hackers.”
The survey polled 223 chief information officers, chief technology officers, chief security officers, and chief compliance officers representing 161 providers and 101health plans, all of which had at least $500 million in revenue. Sixty-five percent of the respondents noted external attackers as an area of vulnerability, followed by 48 percent citing shared data with third parties. And only 16 percent of the executives reported no events that compromised their organizations in the past two years, with the remaining executives unsure.
Greg Bell, who leads KPMG’s Cyber Practice, feels many organizations not seeing frequent cyber-attacks may underestimate the threat. “Healthcare organizations that can effectively track the number of attempts have less cause for worry than those who may not detect all of the threats against their systems,” said Bell. “The experienced hackers that penetrate a vulnerable health care organization like to remain undetected as long as they can before extracting a great deal of content, similar to a blood-sucking insect.”
“I would argue that many of the providers aren't even aware that their systems have been compromised,” Ebert told Modern Healthcare. “They don't necessarily know who's in their systems or what's occurred.”