Carbon Black’s new report, Healthcare Cyber Heists in 2019, surveyed industry CISOs to understand how attacks to the industry have evolved.
It was revealed that over the past year, 83% of surveyed healthcare organisations have seen an increase in cyberattacks, with two thirds of the respondents stating that the cyberattacks have become even more sophisticated. Attackers are utilising methods to attack organisations including destructive attacks, island hopping, counter incident response and fileless attacks.
Additionally the survey identified that 45% of healthcare organisations have encountered attacks over the past year, where the primary motivation was the destruction of data, whilst 33% of organisations have encountered instances of island hopping.
Although the threat of ransomware attacks to the healthcare industry have quieted down, according to the survey 66% of health organisations said their organisation was targeted by a ransomware attack during the past year.
The report wrote:
“In targeting healthcare organizations, ransomware attackers are taking advantage of the “do no harm” principle. Meaning, when forced to decide between paying a ransom or being unable to access critical patient files, the healthcare provider has no choice – they have to pay, lest a patient potentially incur great harm or loss of life.”
When asking respondents what their biggest concern was to their organisation, the top answers were: compliance (33%), budget and resource restrictions (22%), loss of patient data (16%), vulnerable devices (16%) and the inability to access patient data (13%).
However 84% of healthcare organisations stated that they train their employees on cybersecurity best practices at least once a year, with 45% stating that conduct training is run multiple times per year for employees.
“It’s no longer realistic to base security strategy on reactive defense alone. The inevitability of breach puts pressure on organizations to start proactively detecting and neutralizing attack vectors by improving visibility, hunting threats and developing effective measures to combat counter incident response.”
Rick McElroy, Carbon Black’s Head of Security Strategy and one of the report authors wrote:
“The potential, real-world effect cyberattacks can have on healthcare organisations and patients is substantial.
“Cyber attackers have the ability to access, steal and sell patient information on the dark web. Beyond that, they have the ability to shut down a hospital’s access to critical systems and patient records, making effective patient care virtually impossible.”
Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.
Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.