Insights| December 23, 2018
Third Of Healthcare Workers Aware Of Cyber Attacks Against Their Companies
At least a third of healthcare workers say their companies have been targeted by cybercriminals and have been victim to ransomware more than once, a new survey by Kaspersky Lab says.
Kaspersky Lab surveyed 1,758 healthcare employees in the U.S. and Canada to gather perceptions of cybersecurity in their workplace, including awareness of cybersecurity breaches, protection of sensitive information, cybersecurity awareness and training, and more. The study surveyed doctors, surgeons and administrative and IT staff.
The report said 27 percent of healthcare IT employees had said their employer experienced a ransomware cybersecurity attack within the past year, according to the report titled “Cyber Pulse: The State of Cybersecurity in Healthcare.”
According to the report, 78 percent of U.S. and 85 percent of Canadian healthcare workers, who said they were aware of a ransomware cybersecurity attack to their organization, claimed to have experienced up to five attacks.
The report further adds that a sixth of healthcare workers said they know of a ransomware cybersecurity attack on their organization that has occurred in the past five years or more.
Health sector not learning from previous attacks
Worryingly, the study showed that the healthcare industry in North America was not learning from previous mistakes and continued to suffer.
In a statement, Kaspersky Lab said data breaches heavily targeting healthcare organizations, such as WannaCry, had “brought attention to the vulnerabilities that exist in the industry, making healthcare organizations an even bigger target for cybercriminals.”
Kaspersky Lab vice president of enterprise sales, Rob Cataldo said healthcare companies were a major target for cybercriminals because in the past, cybercriminals had been successful in in attacking those businesses.
“As organizations look to improve their cybersecurity strategies to justify employee confidence, they must examine their approach. Business leaders and IT personnel need to work together to create a balance of training, education, and security solutions strong enough to manage the risk, Cataldo said.
Since healthcare organizations collect and store vast amounts of personal information, they have become major targets for cybercriminals. The personal information they store can be used for identity theft.
The survey sought to establish awareness of ransomware attacks amongst healthcare workers, the number of attacks experienced, how many workers would report a suspicious email to their employer’s IT team and how often third-party requests to share personal patient information are granted. Also, the survey sought to learn the number of workers who cared about having cybersecurity measures in place, why they care and what improvements were needed to secure organization and patient personal information.
The U.S. Department of Health and Human Services estimates that there there have been more than 100 hacking or IT-related healthcare organization incidents affecting 500 or more individuals in the U.S. this year.
Despite attacks, healthcare employees confident of cybersecurity strategies
The survey pointed out that despite their organizations’ cybersecurity shortcomings, healthcare employees cared about the protection of their organizations.
Seventy one percent of healthcare employees said their cared about having cybersecurity measures to protect patients. “Three out-of-five people claim they care because they want to protect people and organizations they work with, and nearly a third of respondents (31 percent) say they care because they do not want to lose their job as a result of not having appropriate cybersecurity measures,” Kaspersky said.
In addition, the cybersecurity firm said, while there was room for improvement, healthcare employees had confidence in their employers’ cybersecurity strategies. One in five of the respondents said he/she was confident that the organization would not suffer a data breach in the forthcoming year, while 23 percent said they were confident in their organization’s strategy.
Cataldo added that although 20 percent of healthcare employees in North America were confident that their organizations would not suffer a data breach in the forthcoming year, even though “whether they realize it or not, their industry is suffering hundreds of breaches a year.”
Forbes reported that the last five years had seen a surge in the number of attacks on the healthcare industry, citing an example of the 2015 cyber-attack on Anthem, which saw hackers steal 78.8 million patient records, claiming highly sensitive data, including names, social security numbers, home addresses and dates of birth.
It is estimated that in 2016, more than 16 million patient records were stolen from healthcare organizations in the U.S. In 2016, healthcare was the fifth most targeted industry when it came to cyberattacks.
According to Protenus Breach Barometer, more than 1 million patient records were exposed in 110 healthcare data breaches in the first quarter of 2018.