Over Half of IT Security Pros Do Not Believe They Will Be Targeted by Hackers

Major cyberattacks have been suffered by a number of HIPAA-covered entities this year. The frequency of cyberattacks on healthcare providers and insurers has increased. However, over half of IT security professionals do not believe their organization will become a victim of a cyberattack, according to a new report issued by the Ponemon Institute.

Should this belief turn out to be true it is great news, as 61% of IT pros do not believe their organization is well prepared to deal with a cyberattack if one does occur. If they are wrong, it is very bad news indeed.

Cybersecurity Survey Produces Worrying Results


The results of the Ponemon survey are worrying. Evidence suggests cyberattacks on healthcare providers have increased, and the volume of records exposed in those attacks has spiraled this year. Unfortunately, despite the increase in attack frequency and severity, HIPAA-covered entities do not appear to be doing much to counter the threat according to the report.

IT security professionals were asked what measures they were planning to deploy over the coming 12 months, and whether advanced threat detection technology would be implemented to counter the increasing threat of attack. Almost half of respondents (49%) did not plan to increase their use of these technologies, and 6% of respondents indicated their use of these technologies was actually expected to decrease over the course of the coming year.

When asked about the technologies currently being used, surprisingly few IT security professionals indicated their organizations were taking the threat of attack seriously. 90% stated that the use of security analytics was important, very important or essential, yet only 36% of organizations were actually using this technology.

The report also details the major areas of concern. Advanced persistent threats were the major worry, being ranked as a concern by 67 percent of respondents. Zero-day attacks were also deemed to be a major problem by 57 percent of security pros. Login attacks were the third most worrisome threat, rated as a concern by 37 percent of respondents.

Larry Ponemon, founder and chairman of the Ponemon Institute, said, “This research reveals some major disconnects that IT professionals seem to have between perception and reality.” He went on to express his concern about the findings of the research, saying, “It’s shocking to learn that half of security pros don’t even view themselves as a target.”

A look at the OCR breach reporting portal clearly shows the severity and frequency of breaches have increased. If the threat level is not recognized, many security professionals could be in for a rude awakening.

Severity and Frequency of Healthcare Cybersecurity Breaches Have Increased Significantly


This year, major cybersecurity incidents have been suffered by healthcare providers, health plans and their Business Associates according to breach reports submitted to the Department of Health and Human Services’ Office for Civil Rights (OCR).

Before 2015, the largest healthcare data breaches ever reported all exposed fewer than 5 million records. The largest were those suffered by Tricare (4.9 million records), Science Applications International Corporation (4.9 million records), Community Health Systems (4.5 million records) and Advocate Medical Group (4 million records).

In 2015 alone, colossal data breaches have been suffered by Anthem Inc. (78.8 million records), Premera Blue Cross (11 million records) and Excellus Health Plan (10 million records). The top three healthcare data breaches have all been caused by hackers, and have all been discovered in 2015.

Other major healthcare data breaches reported this year include UCLA’s 4.5 million-record breach and the Medical Informatics Engineering data breach that exposed 3.9 million records.

Hacking data breaches in 2015 have exposed a total of 111,709,398 patient or subscriber records. Last year, all healthcare data breaches reported to the OCR, across every type of breach (hacking, improper disposal, accidental disclosure, loss of devices, theft of devices, other and unknown), exposed a little over 12.5 million records: 12,504,190 to be exact. It is clear that the severity of hacking data breaches has increased year on year.

As for the frequency of cyberattacks, as of today, 50 hacking incidents have been reported to the OCR so far in 2015, and there are still two months to go before the year is out. In 2014, the OCR breach portal details just 31 data breaches that were attributed to hacking. That is a clear increase year on year.

Further information

Larry Ponemon, along with Mike Paquette, will be announcing and discussing the full findings of the Ponemon Institute’s Advanced Threat Detection with Machine-Generated Intelligence study in a live webinar on November 11 at 1 p.m. ET.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.