81% of Healthcare Organizations Have Been Compromised By Cyber-Attacks
According to a new survey from KPMG, a professional services consulting firm, 81% of healthcare executives claim that their organizations have been compromised by cyber-attacks during the past two years. The report is based on data from a survey of 223 U.S.-based healthcare executives, including chief information officers, technology officers, security officers and chief compliance officers. Fifty-six percent of survey respondents came from for-profit organizations and all had revenues of at least $500 million; 70% of the organizations had revenues over $1 billion.
According to the report, the primary vulnerabilities faced by the healthcare sector are external attackers in the form of malware and botnets, sharing data with third-parties, employee breaches and wireless networking. One of the most surprising figures is that less than half of cyber threats in the past twelve months have been tracked by the organizations surveyed. “One KPMG client saw a 1000% increase in incidents and vulnerability reporting to their enterprise once they implemented an effective Security Operations Center (SOC) to intercept, interpret, and report on threats.”
While they are not as frequently targeted by cyber criminals as financial services organizations, the report indicates a lack of mature cyber security management in the face of increasing risk in the industry. As many healthcare organizations are automating data collection and adopting digital record systems, more and more patient information is made vulnerable to potential cyber-attacks. Only 53% of survey respondents consider their organization adequately prepared to defend against future breaches and attacks. “The richness of the information means that the cyber security threat to healthcare has increased,” says Michael Ebert, KPMG partner and healthcare leader at the firm’s Cyber Practice. “The magnitude of the threat against healthcare information has grown exponentially, but the intention or spend in securing that information has not always followed.”