Despite increased awareness about cyberattacks, the healthcare industry remains unprepared for security breaches that are occurring in greater frequency and sophistication. That’s the takeaway from a new report by Carbon Black, which surveyed 20 CISOs of leading healthcare organizations.
Most executives (83 percent) have seen increased cyberattacks in the past year. Two-thirds say they’ve been targeted by a ransomware attack; one-third have encountered instances of island hopping, in which hackers go after affiliates in a company’s supply chain.
Compared with other industries, the data from hospitals, insurers, pharmacies and a widening array of IoT devices is particularly valuable.
“Cyberattackers have the ability to access, steal and sell patient information on the dark web,” says Rick McElroy, who heads security strategy for Carbon Black. “Beyond that, they have the ability to shut down a hospital’s access to critical systems and patient records, making effective patient care virtually impossible.”
Indeed, the report found nearly half (45 percent) of surveyed CISOs have encountered attacks where the primary motivation was destruction of data.
Poor preparation could play a role. Although most healthcare facilities (84 percent) train their staff in cybersecurity best practices at least yearly, only one-third have a threat-hunting team. The report also notes that the letter grade CISOs most commonly use to grade their organizations’ cybersecurity posture is a C.
The Carbon Black report offers security recommendations for healthcare organizations. Read more at healthtechmagazine.net/SecurityTips.
