The Kaspersky Lab reported that 27% of healthcare employees said their organization had at least one ransomware attack in the past year. 33% of those individuals said their organization experienced multiple breaches.
In the report, Cyber Pulse: The State of Cybersecurity in Healthcare, the lab explained that in 2018, the U.S. Department of Health and Human Services’ Office for Civil Rights was notified of more than 110 hacking/IT-related data breaches that have affected more than 500 people. That’s a lot of money, not to mention how breaches can permanently damage a company’s reputation and potential harm to patients.
To investigate cybersecurity in health care, the lab used Opinion Matters, a market research firm, to do a survey of healthcare employees in the US and Canada. 1,758 were surveyed to look into the perception of these employees regarding cybersecurity in their company.
81% of small healthcare companies (1-49 employees), 83% of medium-sized healthcare companies (50-249), and 81% of large healthcare organizations (250+ employees) reported experiencing between 1 and 4 attacks.
According to the Penemon Institute/IBM Security’s 2018 Cost of a Data Breach Report, the average cost of a data breach has risen to $3.86 million. Kaspersky Lab’s 2018 Cost of a Data Breach Report reports the average cost at $1.23 million for enterprises and $120,000 for SMBs.
Of course, cybersecurity is important to prevent healthcare companies’ financial loss, but 71% said it was important to protect patients. 60% said it was important to protect the people and companies they work with.
Even though a lot of healthcare companies have a form of cybersecurity in place, many employees don’t have confidence in their organization’s strategy. As a matter of face, only 50% of healthcare IT workers were confident in their cybersecurity strategy, that fell to 29% of management and doctors, 21% of nurses, 23% of finance employees, and 13% of the HR department.
A lot of healthcare employees seem to have a false sense of security. Data breaches are being reported daily, but only 21% of respondents had total faith their organization’s ability to prevent cyber attacks and didn’t think they would suffer a single data breach in the upcoming year. Say what??
Even though 73% of employees said they’d let the security team know if they got an email from an unknown individual asking for PHI or login info, 17% said they’d do nothing. 17% of employees also confessed to having received an email request from an outside vendor for Ephi and gave them the info they requested!
Healthcare companies have become a major target for hackers because of the success they’ve had in the past. IT personnel, management, and all employees have to work together in order to accomplish the balance of training, education, and security solutions that will prevent breaches.