News | Information Technology | October 31, 2016

Healthcare Industry Lacking in Basic Cybersecurity Awareness Among Staff

New healthcare cybersecurity report exposes risk of attacks through social engineering, highlights vulnerability of industry

October 31, 2016 — SecurityScorecard, a security rating and continuous risk monitoring platform, released its 2016 Healthcare Industry Cybersecurity Report in October. The report is a comprehensive analysis exposing alarming cybersecurity vulnerabilities across 700 healthcare organizations including medical treatment facilities, health insurance agencies and healthcare manufacturing companies. Security breaches in this industry pose devastating consequences, according to the company, because they can render an entire system or network inoperable, creating a life or death situation that needs immediate attention.

Among all industries, healthcare ranks 15th out of 18 in Social Engineering, suggesting a security awareness problem among healthcare professionals, putting millions of patients at risk. The Verizon Data Breach Report ranks Social Engineering as the third most common cause for breaches, a number that is rising at the same rate as Hacking and Malware.

"The low Social Engineering scores among a multitude of healthcare organizations show that security awareness and employee training are likely not sufficient," said Alex Heid, chief research officer at SecurityScorecard. "Security is only as strong as the weakest link, and employees are often the lowest-hanging fruit when it comes to phishing, spear phishing and other social engineering attacks. For a hacker, it only takes one piece of information such as learning the email structure of an organization to exploit an employee into divulging sensitive information or providing an access point into that organization's network."

Another risk is the array of devices with wireless capabilities, such as Internet of Things (IoT) devices, wireless medical devices and tablets, which have paved the way for medical advances benefiting hospitals and patients. However, their speedy delivery and implementation have resulted in subpar security setups.

"As long as these IoT devices are manufactured with poor security standards, the vulnerability doesn't only lie within the devices themselves, but they also pose a risk to any hospital, treatment center or individual using the device. If a connected device is hacked into, the device can be forced to malfunction or it can be used as a pathway to reach an organization's primary network," continued Heid.

Among the report's key findings are:

  • Over 75 percent of the entire healthcare industry has been infected with malware over the last year;
  • Ninety-six percent of all ransomware targeted medical treatment centers;
  • Healthcare manufacturing nearly reaches a 90 percent malware infection rate;
  • Sixty-three percent of the 27 biggest U.S. hospitals have a C or lower in Patching Cadence, which measures an organization's ability to implement security software patches in a timely fashion;
  • Healthcare has the fifth highest count of ransomware among all industries;
  • Over 50 percent of the healthcare industry has a Network Security score of a C or lower; and
  • Past-breached healthcare companies still have 242 percent as many low scores in Social Engineering compared to non-breached companies.

Ransomware and breaches are affecting the healthcare industry at an increasingly alarming rate, according to the report, with 22 major public breaches occurring since August 2015. Earlier this year, Hollywood Presbyterian Medical Center paid $17,000 as a result of ransomware after losing access to patient records for 10 days. In March 2016, 21st Century Oncology, struggling with DNS Health, Network Security and Patching Cadence, suffered a data breach that led to a loss of 2.2M patient records and a $57M class-action lawsuit. Overall, breached healthcare companies still struggle with security post-breach, according to the report.

For more information: www.securityscorecard.com
