Security in the healthcare industry is receiving a great deal of attention and for good reason.
From the fear of medical devices being taken over, to operational disruptions that impede patient care, the impact of a cyberattack can be far-reaching with disastrous consequences. With this in mind, Mimecast recently conducted a survey with HIMSS Analytics to get the pulse of senior information technology and security professionals on their greatest challenges.
The survey found that provider organizations believe the biggest potential area for a data breach is email. Respondents were unequivocal, as the chart below shows. Email gained more first-place votes than all other categories combined.
Respondents said that ‘Preventing Malware and Ransomware’ is a top initiative for building a cyber resilience strategy for the next 12 months. And the numbers shed more light on the importance of taking action against ransomware. 78% of provider organizations have dealt with ransomware, malware or both in the last 12 months. Other industry statistics support the findings. The 2017 Verizon Data Breach Report finds that 72% of malware targeting the healthcare industry is ransomware.
While respondents view email as a major source of risk to the organization, not surprisingly, it remains a widespread communication channel across the organizations. Over 9 in 10 respondents said email was critical to the organization. Of these, 43% said that email was mission critical and that downtime couldn’t be tolerated. Because email is so widely adopted and such a key communication channel, employees place inherent trust in the content of their inboxes. Attackers know that email, and the employees who open and click on links and attachments, are a weak spot in defenses. Healthcare providers are obviously looking to raise the security and resilience profile of their organizations. ‘Training employees about how to be diligent when it comes to cybersecurity’ was the second highest imperative for building a cyber resilience strategy for the coming year.
Determined attackers aren’t the only threat that Mimecast found in the survey. Healthcare as an industry is subject to requirements such as HIPAA, which we’ve covered in earlier articles, and the Mimecast survey also probed the extent to which organizations use email to send PHI (protected health information). The survey found that 8 in 10 organizations use email to send PHI, most frequently to send information from provider to provider. The results indicate the importance of secure messaging and encryption solutions that keep sensitive patient data safe. This is also relevant in the event that an account is compromised, a user is careless or, in the unfortunate case, a malicious insider is involved, all of which put patient data at risk.
Watch the Mimecast blog over the next few weeks as we share more posts on the findings of this important healthcare survey!