
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

84% of Healthcare Organizations Detected a Cyberattack in the Past 12 Months

A recent survey of 1,309 healthcare IT and security professionals by Netwrix revealed that 84% detected a cyberattack or intrusion in the past 12 months, with account hijacking and phishing the most common types of attacks. Account compromise was the most common type of attack for organizations with cloud-based infrastructure and occurred at 74% of surveyed healthcare organizations, but just 44% of organizations with on-premises infrastructure. For organizations with on-premises infrastructure, phishing was the most common type of attack, with 63% of respondents having experienced at least one phishing attack in the past 12 months. Phishing was the second most common type of incident for organizations with cloud-based infrastructure, with attacks reported by 62% of respondents.

Healthcare workers can be particularly vulnerable to phishing attacks and are less likely than workers in other sectors to receive regular security awareness training. “Healthcare workers regularly communicate with many people they do not know — patients, laboratory assistants, external auditors, and more — so properly vetting every message is a huge burden. Plus, they do not realize how critical it is to be cautious, since security awareness training often takes a back seat to the urgent work of taking care of patients. Combined, these factors can lead to a higher rate of security incidents,” says Dirk Schrader, VP of Security Research and Field CISO EMEA at Netwrix.

Cyberattacks on healthcare organizations are more likely to cause financial damage than attacks on other sectors. Across all industries, 60% of organizations experienced financial damage following a cyberattack, whereas 69% of cyberattacks on healthcare organizations resulted in financial damage. 57% of respondents estimated financial damage of greater than $10,000, with 36% stating the financial damage was greater than $50,001.

There are several reasons for this. Healthcare organizations store highly sensitive data and face a risk of regulatory penalties, and lawsuits are more commonly filed when there has been a breach of protected health information than when other types of personal data are breached, according to Netwrix. Across all industry sectors, 13% of organizations that experienced a cyberattack had at least one lawsuit filed over the data breach, compared to 19% in healthcare. Healthcare cyberattacks are also more likely to trigger a change in senior leadership than attacks in other sectors – 21% vs 13%.


The high risk of experiencing a cyberattack is influencing priorities and spending decisions. Automation is vital in healthcare, where the high number of manual processes means it can improve efficiency and save valuable time. However, while automation is a key priority for 46% of respondents, the high risk of cyberattacks and the implications of a successful attack are making data security (64%) and network security (54%) greater priorities.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
