Survey Discloses 62% of Healthcare Companies Have Suffered a Data Breach in the Past Year

Mar 16, 2018


The latest Ponemon Institute survey has revealed that 62% of healthcare companies have suffered a data breach in the past 12 months. Over half of those companies experienced data loss as a result.

Even though there is a high likelihood of suffering a cyberattack, 51% of surveyed companies have yet to implement an incident response program. This lack of readiness can hinder recovery if a cyberattack occurs. As the Cost of a Data Breach Study by the Ponemon Institute indicated, a quick response to a data breach can limit the harm caused to breach victims and reduce the cost of mitigating such an attack. Respondents reported that the cost of mitigating an attack and dealing with the fallout from a network compromise was roughly $4 million.

When asked about the biggest threats to their business and the kinds of attack that caused the most concern, there was little to choose between internal and external threats, which were rated as a top concern by 64% and 63% of respondents respectively. The main perceived targets for hackers were electronic medical records (77%), patient billing information (56%), login credentials (54%), other authentication credentials (49%), and research information (45%).

The techniques used to gain access to systems and data varied widely. The main methods of attack were the exploitation of software and operating system vulnerabilities and the use of malware. 71% of respondents said vulnerabilities were exploited, while 69% said attacks involved the use of malware. 37% of companies had suffered ransomware attacks.

The security of medical devices is the main concern, particularly since they are a blind spot in several companies. 65% of respondents said medical devices were not included in their overall cybersecurity plan or they didn't know if they were. 31% of respondents said they didn't have any plans to include medical devices in their cybersecurity plans in the near future.

The HHS' Office for Civil Rights has raised awareness of the need to provide ongoing security awareness training to staff, and businesses like Cofense have published data to demonstrate how security awareness training and phishing simulations can greatly reduce susceptibility to phishing attacks. Nevertheless, several healthcare companies are not heeding that advice and are not providing training on a regular basis. Several healthcare companies are still only providing security awareness training to workers annually. It is therefore unsurprising that 52% of respondents said a lack of employee security awareness was hindering their ability to improve their security posture.

74% thought the biggest hurdle stopping them from improving security was staffing problems, and 60% said they don't have staff with the correct cybersecurity qualifications in-house. 51% of respondents said they have not yet hired a Chief Information Security Officer (CISO).