Security by Sector: Healthcare Orgs Continue to Suffer Security Headaches

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?

Cybersecurity challenges and risks within the healthcare industry have been endemic in recent years. In 2017, we saw the devastating impact the WannaCry attack had across the NHS, whilst various pieces of research and reports further highlighted just how vulnerable the healthcare industry has been when it comes to data security.

New research has found that security incidents and data breaches continued to cause serious headaches for the healthcare industry throughout 2019, both in the UK and US.

Clearswift surveyed senior decision makers in healthcare organizations across the UK, discovering that 67% of healthcare companies experienced a cybersecurity incident in the past year. Likewise, data gathered by PreciseSecurity showed that health records for 40 million Americans were breached in 2019 – the highest number of health data breaches since 2015.

Clearswift’s research discovered that almost half (48%) of incidents within the sector occurred as a result of viruses or malware introduced by third-party devices, whilst the sharing of information with unauthorized recipients by staff (39%), users not following protocol/data protection policies (37%) and malicious links in emails and on social media (28%) also played a significant part.

PreciseSecurity named hacking as the main weapon employed to steal health data from different entities, with more than half (59%) of the 40 million records stolen through hacking.

“The healthcare sector holds important patient data, so it is alarming to see such high numbers of security incidents occurring in the industry,” said Alyn Hockey, VP of product management, Clearswift.

Health data breaches can be costly, considering that credit card data, email addresses, social security numbers, employment information and medical history records can be used in many instances, such as fraud and identity theft, PreciseSecurity’s report stated.

“It’s more important than ever that the industry bolsters its cybersecurity efforts to reduce the risk of everything from unwanted data loss to malicious attacks and focuses on keeping patient data safe and secure,” Hockey added.

However, doing so may prove a tough task for healthcare companies if Clearswift’s research is anything to go by. It claimed that less than a quarter (24%) of respondents said they had an adequate level of budget allocated to cybersecurity, with 46% of respondents revealing investment is put into database security, versus just 26% for endpoint security.

“Cybersecurity strategies across healthcare organizations need to rapidly evolve to account for new threats against the sector,” Hockey said. “It’s not a case of ‘if’, but ‘when’ an incident occurs so investment is required to ensure healthcare organizations are prepared for any type of threat.”

As the number of healthcare data breaches has risen over the years, so has the number of entities involved, PreciseSecurity found. Last year saw 429 entities involved in data breaches, the highest of the last decade.

“Based on the high volume of data breaches, it is clear that the healthcare sector is among the most vulnerable sectors regarding data breaches. If this trend continues, 2020 might witness an increase of between 10%-15% in the number of entities breached compared to 2019.”

To curb more breaches, entities need to improve their measures for protecting healthcare records with administrative, physical and technical controls such as encryption, PreciseSecurity added.
