News | Information Technology | October 31, 2016

Healthcare Industry Lacking in Basic Cybersecurity Awareness Among Staff

New healthcare cybersecurity report exposes risk of attacks through social engineering, highlights vulnerability of industry

October 31, 2016 — SecurityScorecard, a security rating and continuous risk monitoring platform, released its 2016 Healthcare Industry Cybersecurity Report in October. The report is a comprehensive analysis exposing alarming cybersecurity vulnerabilities across 700 healthcare organizations including medical treatment facilities, health insurance agencies and healthcare manufacturing companies. Security breaches in this industry pose devastating consequences, according to the company, because they can render an entire system or network inoperable, creating a life or death situation that needs immediate attention.

Among all industries, healthcare ranks 15th out of 18 in Social Engineering, suggesting a security awareness problem among healthcare professionals that puts millions of patients at risk. The Verizon Data Breach Report ranks Social Engineering as the third most common cause of breaches, a number that is rising at the same rate as Hacking and Malware.

"The low Social Engineering scores among a multitude of healthcare organizations show that security awareness and employee training are likely not sufficient," said Alex Heid, chief research officer at SecurityScorecard. "Security is only as strong as the weakest link, and employees are often the lowest-hanging fruit when it comes to phishing, spear phishing and other social engineering attacks. For a hacker, it only takes one piece of information such as learning the email structure of an organization to exploit an employee into divulging sensitive information or providing an access point into that organization's network."

Another risk is the array of devices with wireless capabilities, such as Internet of Things (IoT) devices, wireless medical devices and tablets, which have paved the way for medical advances benefiting hospitals and patients. However, their speedy delivery and implementation have resulted in subpar security setups.

"As long as these IoT devices are manufactured with poor security standards, the vulnerability doesn't only lie within the devices themselves, but they also pose a risk to any hospital, treatment center or individual using the device. If a connected device is hacked into, the device can be forced to malfunction or it can be used as a pathway to reach an organization's primary network," continued Heid.

Among the report's key findings are:

  • Over 75 percent of the entire healthcare industry has been infected with malware over the last year;
  • Ninety-six percent of all ransomware targeted medical treatment centers;
  • Healthcare manufacturing nearly reaches a 90 percent malware infection rate;
  • Sixty-three percent of the 27 biggest U.S. hospitals have a C or lower in Patching Cadence, which measures an organization's ability to implement security software patches in a timely fashion;
  • Healthcare has the fifth highest count of ransomware among all industries;
  • Over 50 percent of the healthcare industry has a Network Security score of a C or lower; and
  • Past-breached healthcare companies still have 242 percent as many low scores in Social Engineering compared to non-breached companies.

Ransomware and breaches are affecting the healthcare industry at an increasingly alarming rate, according to the report, with 22 major public breaches occurring since August 2015. Earlier this year, Hollywood Presbyterian Medical Center paid $17,000 as a result of ransomware after losing access to patient records for 10 days. In March 2016, 21st Century Oncology, struggling with DNS Health, Network Security and Patching Cadence, suffered a data breach that led to a loss of 2.2M patient records and a $57M class-action lawsuit. Overall, breached healthcare companies still struggle with security post-breach, according to the report.

For more information: www.securityscorecard.com
