It was revealed that over the past year, 83% of surveyed healthcare organisations have seen an increase in cyber attacks, with two-thirds of the respondents stating that the cyber attacks have become even more sophisticated. Attackers are utilising methods to attack organisations including destructive attacks, island hopping, counter incident response and fileless attacks.
Additionally, the survey identified that 45% of healthcare organisations have encountered attacks over the past year, where the primary motivation was the destruction of data, whilst 33% of organisations have encountered instances of island hopping.
Although the threat of ransomware attacks to the healthcare industry have quieted down, according to the survey 66% of health organisations said their organisation was targeted by a ransomware attack during the past year.
The report wrote:
“In targeting healthcare organizations, ransomware attackers are taking advantage of the “do no harm” principle. Meaning, when forced to decide between paying a ransom or being unable to access critical patient files, the healthcare provider has no choice – they have to pay, lest a patient potentially incur great harm or loss of life.”
When asking respondents what their biggest concern was to their organisation, the top answers were: compliance (33%), budget and resource restrictions (22%), loss of patient data (16%), vulnerable devices (16%) and the inability to access patient data (13%).
However, 84% of healthcare organisations stated that they train their employees on cybersecurity best practices at least once a year, with 45% stating that conduct training is run multiple times per year for employees.
“It’s no longer realistic to base security strategy on reactive defence alone. The inevitability of breach puts pressure on organizations to start proactively detecting and neutralizing attack vectors by improving visibility, hunting threats and developing effective measures to combat counter incident response.”
Rick McElroy, Carbon Black’s Head of Security Strategy and one of the report authors wrote:
“The potential, real-world effect cyber attacks can have on healthcare organisations and patients is substantial.
“Cyber attackers have the ability to access, steal and sell patient information on the dark web. Beyond that, they have the ability to shut down a hospital’s access to critical systems and patient records, making effective patient care virtually impossible.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
