More than one in three healthcare providers have suffered a cyber-attack over the past year, with 10% paying a ransom or other extortion-related fee, according to Imperva.
The vendor polled over 100 healthcare IT professionals at the recent 2018 Healthcare Information and Management Systems Society (HIMSS) Conference in the US.
Unsurprisingly, given the sizeable number that had suffered an attack, 77% of respondents said they were very concerned about a cybersecurity event hitting the organization, while 15% admitted they needed to do more to improve their cyber-defenses.
Ransomware (32%) was the biggest concern in terms of online threats. That’s understandable, given the WannaCry attack of May 2017 devastated large parts of the NHS, leading to an estimated 19,000 cancelled operations and appointments.
Worryingly, over a quarter (26%) of respondents claimed they don’t have an incident response plan in place — something required by the new GDPR.
In addition, 28% said their healthcare organization (HCO) doesn’t even have a chief information security officer (CISO).
A recent report from Verizon revealed that healthcare was the number one sector affected by breaches, accounting for 24% of the total number analyzed over the preceding year. It was also revealed to be the only sector in which insider threats (56%) outweighed those from external attackers (43%).
Answering questions on the insider threat, respondents to the Imperva poll said they were most concerned about careless users (51%), while 27% claimed a lack of tools to monitor employees and other activities makes detecting insider threats difficult.
“Attackers understand the value of the data held by healthcare organizations, and as a result, they are quickly becoming a sweet spot for hackers looking to steal large amounts of patient records for profit,” argued Imperva CTO, Terry Ray.
“There have been a number of incidents recently where cybercrime has impacted hospitals and left them unable to access patient data, which demonstrates the consequences of a successful attack. It is crucial that healthcare organizations take steps to protect their data. To retain patient trust, organizations must provide an excellent defense at all times.”