Merlin International, a cybersecurity solutions provider for healthcare organizations, in partnership with the Ponemon Institute, a leading IT security research organization, today released the results of its “2018 Impact of Cyber Insecurity on Healthcare Organizations” study. Recognizing that hospitals and payer organizations (healthcare organizations or HCOs) are facing constant, increasingly destructive cyber attacks, this survey examines the myriad of cybersecurity-related challenges and how organizations are (or are not) addressing them. Results show the security stakes are high, with 62 percent of the 627 executives surveyed admitting to experiencing an attack in the past 12 months, and more than half losing patient data as a result.
According to publicly available data, breaches in the last year hit a new all-time high. Of five industries tracked, the Medical/Healthcare industry accounted for more than 23 percent of total breaches in 2017, resulting in the exposure of more than five million patient records. Only the business sector saw more successful attacks, with HCOs following second for the fourth year running.
Among healthcare providers surveyed, the majority set, manage and/or determine IT priorities, budgets and strategy while working at organizations counting between 100-500 patient beds (67 percent) and with an estimated ten thousand to one hundred thousand network connected devices (66 percent). A detailed categorization of survey respondents can be found in the full report.
Notably, organizations surveyed are equally concerned with external attacks (63 percent) as they are with employee negligence or malicious insiders (64 percent). And what are the bad guys after? When asked, respondents highlighted the top five items:
- Patient medical records (77 percent)
- Patient billing information (56 percent)
- Log-in credentials (54 percent)
- Passwords and other authentication credentials to systems, servers or applications (49 percent)
- Clinical trial and other research information (45 percent)
Hackers eager to cause chaos, steal or hold data for ransom subject healthcare organizations to all types of attacks. The exploitation of existing software vulnerabilities greater than three months old leads the way at 71 percent, followed closely by Web-borne malware attacks at 69 percent. While the report finds many traditional attack types being used, the rise of ransomware – at 37 percent – should raise alarm as this is a new and lucrative attack vector. Hackers are successfully earning significant income from holding systems and data hostage.