News | Information Technology | October 31, 2016

Healthcare Industry Lacking in Basic Cybersecurity Awareness Among Staff

New healthcare cybersecurity report exposes risk of attacks through social engineering, highlights vulnerability of industry


October 31, 2016 — SecurityScorecard, a security rating and continuous risk monitoring platform, released its 2016 Healthcare Industry Cybersecurity Report in October. The report is a comprehensive analysis exposing alarming cybersecurity vulnerabilities across 700 healthcare organizations, including medical treatment facilities, health insurance agencies and healthcare manufacturing companies. Security breaches in this industry pose devastating consequences, according to the company, because they can render an entire system or network inoperable, creating a life-or-death situation that needs immediate attention.

Among all industries, healthcare ranks 15th out of 18 in Social Engineering, suggesting a security awareness problem among healthcare professionals that puts millions of patients at risk. The Verizon Data Breach Report ranks Social Engineering as the third most common cause for breaches, a number that is rising at the same rate as Hacking and Malware.

"The low Social Engineering scores among a multitude of healthcare organizations show that security awareness and employee training are likely not sufficient," said Alex Heid, chief research officer at SecurityScorecard. "Security is only as strong as the weakest link, and employees are often the lowest-hanging fruit when it comes to phishing, spear phishing and other social engineering attacks. For a hacker, it only takes one piece of information such as learning the email structure of an organization to exploit an employee into divulging sensitive information or providing an access point into that organization's network."

Another risk is the array of devices with wireless capabilities, such as Internet of Things (IoT) devices, wireless medical devices and tablets, which have paved the way for medical advances benefiting hospitals and patients. However, their speedy delivery and implementation have resulted in subpar security setups.

"As long as these IoT devices are manufactured with poor security standards, the vulnerability doesn't only lie within the devices themselves, but they also pose a risk to any hospital, treatment center or individual using the device. If a connected device is hacked into, the device can be forced to malfunction or it can be used as a pathway to reach an organization's primary network," continued Heid.

Among the report's key findings are:

  • Over 75 percent of the entire healthcare industry has been infected with malware over the last year;
  • Ninety-six percent of all ransomware targeted medical treatment centers;
  • Healthcare manufacturing nearly reaches a 90 percent malware infection rate;
  • Sixty-three percent of the 27 biggest U.S. hospitals have a C or lower in Patching Cadence, which measures an organization's ability to implement security software patches in a timely fashion;
  • Healthcare has the fifth highest count of ransomware among all industries;
  • Over 50 percent of the healthcare industry has a Network Security score of a C or lower; and
  • Past-breached healthcare companies still have 242 percent as many low scores in Social Engineering as non-breached companies.

Ransomware and breaches are affecting the healthcare industry at an increasingly alarming rate, according to the report, with 22 major public breaches occurring since August 2015. Earlier this year, Hollywood Presbyterian Medical Center paid $17,000 as a result of ransomware after losing access to patient records for 10 days. In March 2016, 21st Century Oncology, struggling with DNS Health, Network Security and Patching Cadence, suffered a data breach that led to a loss of 2.2M patient records and a $57M class-action lawsuit. Overall, breached healthcare companies still struggle with security post-breach, according to the report.

For more information: www.securityscorecard.com
