Cyber Attacks Hit Healthcare · Cyber Attacks Hit Healthcare Healthcare Is Under Continuous Attack...
1
Read the full report now: The State of Cybersecurity in Healthcare Organizations in 2016 Cyber Attacks Hit Healthcare Healthcare Is Under Continuous Attack The healthcare industry is under pressure to advance its use of technology to control costs, digitize patient information, and streamline operations. But with significant increases in cyber attacks and the sensitive nature of healthcare data, security is a critical concern. ESET and the Ponemon Institute recently researched the impact of cyber insecurity on the healthcare industry with a survey of over 500 IT professionals in various healthcare organizations. 1 Here’s what we found. of organizations have experienced cyber attacks In the last 12 months: What’s increasing patient information vulnerability? IT pros agree: Which threats are healthcare organizations most concerned about? The top 3 ways healthcare organizations are being attacked: What about denial of service (DDoS) attacks? What about Advanced Persistent Threats (APTs)? experienced an incident involving the loss or exposure of patient information Healthcare organizations experience at least one cyberattack a month, on average 48% Technology trends, e.g. cloud, mobile, big data, Internet of Things Legacy systems System failures Unsecure medical devices Cyber attackers Employee-owned mobile devices/BYOD Exploit of existing software vulnerability >3 months old Web-borne malware attack Number of separate APT-related incidents healthcare organizations experienced in the past year: Just 26% have systems and controls in place to detect and stop them ...and what were the top consequences? 72% IT downtime 53% Inability to provide services 51% Exfiltration of classified/sensitive data Exploit of existing software vulnerability <3 months old. Identity thieves 52% 78% 75% 70% 0 24% 25% 12% 5% 9% 7% 5% 13% 1-2 3-4 5-6 7-8 9-10 >10 Unsure Number of DDoS attacks experienced in the past year: Almost 40% of healthcare organizations experienced a DDoS attack that caused a disruption to ops and/or system downtime How much did these DDoS disruptions and downtime cost organizations? 30% say up to $250,000 0 27% 27% 12% 9% 6% 3% 2% 14% 1-2 3-4 5-6 7-8 9-10 >10 Unsure 81% Patient medical records 64% Patient billing information 50% Clinical trial and other research EMERGENCY Medical Device Security Unpreparedness Is the Biggest Threat of All The Solution? Multilayered Security What’s at Risk? Biggest concern of healthcare IT pros? Hackers are most interested in stealing: Healthcare data security is highly personal and impacts patient trust in healthcare organizations: Interestingly, patient concern about the security of their health data rises with their age group: 4 What may be more concerning than the increase in cyberattacks? The survey revealed many IT professionals in healthcare aren’t prepared: Only half have an incident response plan in place. 77% say unsecured medical devices. Despite this, only 27% include medical devices as part of their security strategy. 13% of Americans have withheld information from their healthcare provider due to privacy/security concerns. 2 Nearly 40% of consumers say they would abandon or hesitate using a health organization if it was hacked. 3 Beyond losing patient trust and impacting profitability and productivity, downtime can be deadly, putting patient lives at stake. claim no understanding of how to protect against cyberattacks 20s and 30s 40s 50s 70% 80% 83% Multilayered security solutions provide the best coverage for the complexity of healthcare IT infrastructure and the sensitive data it contains. Take a multilayered approach that includes: Sources: 1 “The Impact of Cyber Insecurity on Healthcare Organizations,” Ponemon Institute, sponsored by ESET, February 2016. 2 Cobb, S. “Healthcare data breaches lead patients to withhold information from doctors,” We Live Security, February 2016. http://www.welivesecurity.com/2016/02/18/security-privacy-patients-withholding/ 3 “Top Health Industry Issues of 2016,” PwC Health Research Institute Annual Report, December 2015. 4 University of Phoenix survey of 2,000+ adults, 10/2015. 54% 51% SYSTEM ERROR CLOSED PATIENT FILES were unsure if they’d experienced a loss or exposure of patient information in the past year 26% 39% = $10,000 Endpoint antivirus › SharePoint protection › Encryption › Two-factor authentication › Backup/disaster recovery › Download the Whitepaper ›
Transcript of Cyber Attacks Hit Healthcare · Cyber Attacks Hit Healthcare Healthcare Is Under Continuous Attack...
Read the full report now: The State of Cybersecurity in Healthcare Organizations in 2016
Cyber Attacks Hit Healthcare
Healthcare Is Under Continuous Attack
The healthcare industry is under pressure to advance its use of technology to control costs, digitize patient information, and streamline operations. But with significant increases in cyber attacks and the sensitive nature of healthcare data, security is a critical concern.
ESET and the Ponemon Institute recently researched the impact of cyber insecurity on the healthcare industry with a survey of over 500 IT professionals in various healthcare organizations.1 Here’s what we found.
of organizations have experienced cyber attacks
In the last 12 months:
What’s increasing patient information vulnerability? IT pros agree:
Which threats are healthcare organizations most concerned about?
The top 3 ways healthcare organizations are being attacked:
What about denial of service (DDoS) attacks?
What about Advanced Persistent Threats (APTs)?
experienced an incident involving the loss or exposure of patient information
Healthcare organizations experience at least one cyberattack a month, on average
48%
Technology trends, e.g. cloud, mobile, big data, Internet of Things
Legacy systems
System failures Unsecure medical devices Cyber attackers
Employee-owned mobile devices/BYOD
Exploit of existing software vulnerability >3 months old
Web-borne malware attack
Number of separate APT-related incidents healthcare organizations experienced in the past year:
Just 26% have systems and controls in place to detect and stop them
...and what were the top consequences?
72%IT downtime
53%Inability to provide services
51%Exfiltration of
classified/sensitive data
Exploit of existing software vulnerability <3 months old.
Identity thieves
52%
78% 75% 70%
0
24%
25%
12%
5%
9%
7%
5%
13%
1-2 3-4 5-6
7-8 9-10 >10 Unsure
Number of DDoS attacks experienced in the past year:
Almost 40% of healthcare organizations experienced a DDoS attack that caused a disruption to ops and/or system downtime
How much did these DDoS disruptions and downtime cost organizations? 30% say up to $250,000
0
27%
27%12%
9%
6%3%
2%
14%
1-2 3-4 5-6
7-8 9-10 >10 Unsure
81%Patient medical records
64%Patient billing information
50%Clinical trial and other research
EMERGENCY
Medical Device Security
Unpreparedness Is the Biggest Threat of All
The Solution? Multilayered Security
What’s at Risk?
Biggest concern of healthcare IT pros?
Hackers are most interested in stealing:
Healthcare data security is highly personal and impacts patient trust in healthcare organizations:
Interestingly, patient concern about the security of their health data rises with their age group:4
What may be more concerning than the increase in cyberattacks? The survey revealed many IT professionals in healthcare aren’t prepared:
Only half have an incident response plan in place.
77% say unsecured medical devices.
Despite this, only 27% include medical devices as part of their security strategy.
13% of Americans have withheld information from their healthcare provider due to privacy/security concerns.2
Nearly 40% of consumers say they would abandon or hesitate using a health organization if it was hacked.3
Beyond losing patient trust and impacting profitability and productivity, downtime can be deadly, putting patient lives at stake.
claim no understanding of how to protect against cyberattacks
20s and 30s
40s
50s
70%
80%
83%
Multilayered security solutions provide the best coverage for the complexity of healthcare IT infrastructure and the sensitive data it contains. Take a multilayered approach that includes:
Sources:1 “The Impact of Cyber Insecurity on Healthcare Organizations,” Ponemon Institute, sponsored by ESET, February 2016.2 Cobb, S. “Healthcare data breaches lead patients to withhold information from doctors,” We Live Security, February 2016. http://www.welivesecurity.com/2016/02/18/security-privacy-patients-withholding/3 “Top Health Industry Issues of 2016,” PwC Health Research Institute Annual Report, December 2015.4 University of Phoenix survey of 2,000+ adults, 10/2015.
54%
51%
SYSTEM ERROR
CLOSED PATIENT FILES
were unsure if they’d experienced a loss or exposure of patient information in the past year
26% 39%
= $10,000
Endpoint antivirus ›
SharePoint protection ›
Encryption ›
Two-factor authentication ›
Backup/disaster recovery ›
Download the Whitepaper ›
