Report: Healthcare Still Unprepared for Cybersecurity Attacks
Providers are facing an increasing number of attempts to compromise data, and often fall prey to these attempts, according to the 2015 KPMG Healthcare and Cybersecurity Survey. A total of 81 percent of healthcare organizations have been compromised by cyber attacks in the past two years, the survey found. And while 85 percent of providers said cybersecurity has been discussed at the board level in the past year, only 53 percent of providers considered themselves ready to defend against a cyber-attack.
The rich and unique data collected by healthcare organizations through health IT systems has made health plans, doctors, and hospitals a target for intentional privacy and security breaches. Despite the significant repercussions of a cyber-attack and the resulting breach of privacy/security, the healthcare sector continues to lag behind in its preparedness for protecting electronic protected health information (ePHI) and its infrastructure from cyber threats, the survey said. Healthcare commonly uses outdated clinical technology and insecure network-enabled medical devices, and has an overall lack of information security management processes, the KPMG report said. Healthcare specifically faces increased security threats due to:
- The adoption of digital patient records and the automation of clinical systems
- The use of antiquated electronic health record systems and other clinical applications that are not designed to securely operate in the current networked environment
- The new ease of distributing ePHI both internally (laptops, mobile devices, thumb drives) and externally (third parties, cloud services, HIEs)
- The heterogeneous nature of networked systems and applications (e.g., network-enabled respirator pumps on the same network as registration systems that can browse the Internet)
- The evolving threat landscape where cyber-attacks today are more sophisticated and well-funded given the increased value of the compromised data on the black market
The report concluded that as cyberattacks become more sophisticated, the defense against those attacks must become more organized and vigilant, a step many healthcare organizations are not ready to take.