Healthcare data is extremely valuable on the dark web as it contains highly sensitive data, both financial and protected health information. As a result, healthcare organizations are increasingly attractive to attackers. Additionally, with the introduction of web-based healthcare portals and remote patient mobile technology, managing security within healthcare organizations has become more difficult.
Imperva’s survey of 102 Healthcare IT professionals, which was carried out at the 2018 Healthcare Information and Management Systems Society (HIMSS) Conference, revealed that 77 percent of respondents were very concerned about a cybersecurity event striking their organization and 15 percent admitted that their organization’s ability to handle a cyberattack needed work.
“Attackers understand the value of the data held by healthcare organizations, and as a result, they are quickly becoming a sweet spot for hackers looking to steal large amounts of patient records for profit. There have been a number of incidents recently where cybercrime has impacted hospitals and left them unable to access patient data, which demonstrates the consequences of a successful attack. It is crucial that healthcare organizations take steps to protect their data. To retain patient trust, organizations must provide an excellent defense at all times,” said Terry Ray, CTO at Imperva.
Survey respondents were asked what attacks caused them the most concern, and the most cited response was ransomware (32 percent). In the last year, there have been numerous examples of hospitals suffering ransomware infections, where they have been left at a complete standstill and unable to access patient data. Attackers know that if a healthcare organization does not have a mitigation strategy in place, they will likely opt to pay a ransom, rather than risk losing access to patient files entirely. However, research has shown that 50 percent of organizations never get their data back even when they do pay the ransom.
Regarding insider threats, respondents were most concerned about careless users (51 percent). Additionally, 27 percent said a lack of tools to monitor employees and other insider activities makes detecting insider threats difficult. Thirty-two percent indicated that collecting information from diverse security tools is the most time-consuming task when investigating or responding to insider threats.
“As we’ve seen in past high-profile cases, data breaches caused by careless, malicious or compromised insiders are a very real threat. However, because the user has legitimate access to enterprise data, attacks from the inside can take a long time to detect. To mitigate the risk, organizations should ask themselves where their sensitive data lies and invest in protecting it. Businesses can employ solutions based on machine learning technology to process and analyze vast amounts of data. This will help them pinpoint critical anomalies that indicate misuse of data, so they can quickly quarantine risky users to prevent any further issues,” continued Ray.
Interestingly, when survey respondents were asked about incident response, 26 percent revealed they do not have a plan in place while an additional 28 percent of respondents admitted that their healthcare organization does not even have a CISO.