More than half of healthcare cybersecurity professionals said that their organization has experienced a phishing attack within the last 12 months, making it the most common type of cybersecurity incident in healthcare, according to a new survey from the Healthcare Information and Management Systems Society.
Cybersecurity has become a key issue for the U.S. healthcare system. Just last month, the Federal Bureau of Investigation, along with the Cybersecurity and Infrastructure Security Agency and Department of Health and Human Services, released an advisory warning of an “imminent and elevated cybercrime threat” to healthcare providers.
The new survey from HIMSS polled 168 U.S.-based healthcare cybersecurity professionals, of whom 55% worked at a provider organization. The survey was conducted from March to September.
Survey results show that the top five types of cybersecurity incidents healthcare organizations experienced in the past 12 months are:
- Phishing attacks (57%)
- Credential harvesting attacks (21%)
- Social engineering attacks other than phishing (20%)
- Ransomware or other malware (20%)
- Theft or loss (16%)
About 28% of respondents said that the cybersecurity incidents disrupted information technology operations, while 27% said they disrupted business operations and 20% reported that the incidents resulted in a financial loss, such as wire fraud or extortion.
The cybersecurity incidents also had an impact on patient care, the survey shows. Roughly 61% said that the incidents disrupted non-emergency clinical care, and 28% said they interrupted emergency services. About 17% said the incidents led to serious patient harm. Most respondents (61%) said they don’t feel that their organization has effective mechanisms in place to detect patient safety issues that may result from cybersecurity incidents.
Healthcare organizations’ reliance on internal resources to prevent these incidents has also grown. A vast majority of the respondents (75%) said their organizations learned of cybersecurity incidents from internal security teams, up from 46% of respondents who said the same in a 2019 HIMSS survey.
Following a cyberattack, most respondents (75%) said their organization adopted new or improved security measures, while 67% said they drafted, revised and/or tested policies, procedures and documentation. About 65% said their organization conducted a vulnerability scan.
Though most organizations have implemented antivirus/anti-malware solutions (91%) and firewalls (89%) to prevent cybersecurity incidents, they’re lagging with regard to other safeguards. Only 64% of respondents reported that their organizations have put multi-factor authentication in place. Though this figure has increased significantly from 37% in HIMSS’ 2015 survey, it still leaves more than a third of organizations without multi-factor authentication, a key method for protecting against security breaches.
“Healthcare organizations need to make cybersecurity a fiscal, technical, and operational priority,” the report states. “Upgrading or replacing legacy systems, conducting end-to-end security risk assessments, enhancing cybersecurity awareness and training programs, and increasing cybersecurity budgets are a few, proactive steps that can be taken.”
— to medcitynews.com