The healthcare industry is hit by 360% more security incidents than the average sector, exposing organizations to data theft on a much larger scale, according to Raytheon Websense.
The security firm analyzed real-world security feeds from global healthcare organizations to compile its 2015 Industry Drill-Down report.
It found that this industry was 200% more likely to be hit by data theft than the average, with one in every 600 attacks involving advanced malware.
Cyber-criminals are increasingly focusing on these organizations because healthcare records are 10 times more valuable on the cyber underground than most stolen information – containing a multitude of personal and financial info.
This can be used in a wider variety of follow-up ID fraud and financial exploitation attacks, the firm said.
The digitization of health records across the globe and networks of numerous loosely aligned providers has also created a huge attack surface, with security gaps cyber-criminals are only too ready and capable of exploiting, the report claimed.
“While the finance and retail sectors have long honed their cyber defenses, our research illustrates that healthcare organizations must quickly advance their security posture to meet the challenges inherent in the digital economy – before it becomes the primary source of stolen personal information,” said principal security analyst, Carl Leonard.
The findings chime with data from the US Identity Theft Resource Center which claimed that medical/healthcare accounted for the biggest number of reported breaches in 2014 – 42.5%.
This continued a three-year trend for the industry, the ITRC said in a report.
Many organizations in the sector lack the budget and technical expertise to properly defend themselves, especially from advanced malware, Raytheon said.
They’re also being hit by ransomware and banking trojans.
Healthcare organizations are 4.5 times more likely than others to be hit by Cryptowall and three times more likely to be impacted by Dyre, according to the report.