Breaches on the Rise as 70% of Healthcare Firms Are Hit

Some 70% of global healthcare organizations (HCOs) have suffered a data breach, as the sector increasingly shifts towards using digital platforms, according to Thales eSecurity.

The cybersecurity vendor’s 2018 Thales Data Threat Report, Healthcare Edition was compiled by 451 Research from interviews with 1200 senior security executives around the world.

It revealed that only 30% have yet to suffer a breach, a 17% decrease from 2016.

Some 39% of HCOs were hit in the past year and over half (55%) of respondents claimed they now feel “very” or “extremely” vulnerable to data breaches.

The growing risk to HCOs comes as virtually all (93%) now use cloud, big data, IoT and container technologies with sensitive data.

Adding to the complexity and potential security risk exposure is the fact that 54% are using three or more infrastructure-as-a-service (IaaS) vendors, a third are using 50 software-as-a-service (SaaS) applications and 54% are running three or more platform-as-a-service (PaaS) environments, according to the report.

Almost all (96%) said they are using IoT technologies, including internet-connected heart-rate monitors, implantable defibrillators and insulin pumps.

On the plus side, 84% said they plan to increase spending on cybersecurity over the next year, although only 40% want to do so on encryption tools, despite the forthcoming GDPR coming into force in May.

“When it comes to data security, the global healthcare industry is increasingly under duress, which is why some of this year’s findings are so counter-intuitive,” argued Thales eSecurity chief strategy officer, Peter Galvin.

“For example, 63% of global respondents are investing money in endpoint security, even though it offers little help in protecting data once perimeters have been breached. Data security spending needs to match healthcare’s reality — which is that of an industry embracing digitally transformative technologies.”

Last year the NHS suffered yet another security wake-up call after the WannaCry ransomware campaign caused widespread damage, leading to the cancellation of an estimated 19,000 operations and appointments.

What’s Hot on Infosecurity Magazine?