81% of healthcare executives admit to having been compromised in recent cyber-attacks, survey reveals

Aug 28, 2015 11:40 GMT
Vulnerabilities in the healthcare sector, according to lead executives

A report by KPMG highlights that four-fifths of executives for healthcare providers and payers acknowledge they have been compromised in recent cyber-attacks.

The report was compiled from survey results gathered from 223 US-based healthcare executives, all market leaders, from both the for-profit and non-profit sectors.

All organizations had revenues higher than $500 million, 70% of them surpassing $1 billion.

Putting the data together, KPMG experts found that healthcare organizations are facing unprecedented security risks, owing mainly to a series of reasons.

These include the evolving threat landscape, the adoption of digital patient records, antiquated clinical hardware and software, and the spread of electronic equipment and services that simplify the distribution of patient and health information (laptops, USBs, cloud services, etc.).

65% of executives are afraid of external attackers

65% of healthcare executives see external attackers as the primary danger to their company's security, while at the other end of the spectrum, inadequate firewalls are considered a problem by only 27%.

In between, 48% of executives see sharing data with third-party apps as a security problem, while 35% consider wireless computing, employee breaches and theft to be important security risks.

Malware is reported as the main line of attack in 67% of all the cases, followed by HIPAA (Health Insurance Portability and Accountability Act) violations (57%), employee theft/negligence (40%), medical device security (32%), and aging IT hardware (31%).

But there's a bright side. Compared to financial institutions, healthcare organizations are targeted far less in security attacks. This also helps explain why the security measures in the healthcare system are so lackadaisical.

According to the KPMG survey, executives revealed that in the last year only 13% of their companies were targeted by attacks more than 350 times. At the other end, 44% of them recorded fewer than 50 attacks.

These small numbers help explain why 19% of all healthcare providers have admitted they don't have a cyber-security department at their company, a number which is even lower for healthcare payers, at 8%.

Additionally, 25% of healthcare providers and 20% of healthcare payers also admitted they don't have a security operations center.

Taking into account the highly sensitive information these organizations work with on a regular basis, the percentage should be zero in all cases.

Not all healthcare organizations have a security department
Security resources in various areas of a healthcare organization