In the war against cyberattacks, security professionals in the United States say that they aren’t prepared to go to battle. The Ponemon Institute recently polled 678 individuals responsible for directing the cyber security activities at their organization. On a scale of one to ten, respondents rated their ability to defend against cyberattacks at a dismal 4.9. The majority of respondents from the healthcare industry cited a lack of resources or budget as an impediment to defending their organization against cyberattacks, followed by a lack of expertise within their ranks.
Healthcare industry lags behind in cyber security investments
The recent cyberattack on Anthem, the nation’s second largest health insurer, sent shock waves through the industry. However, many technology experts weren’t surprised that it happened, including our own Chief Information Security Officer, Johan Hybinette.
“Healthcare organizations have historically invested comparatively less resources on security than other industries,” Hybinette notes. “And hackers have become increasingly sophisticated in their attacks. This has resulted in healthcare organizations struggling to create a solid, proactive defense against cyber threats.”
Cyber criminals have also discovered the ease with which they can obtain personally identifiable information such as names, birthdates and social security numbers from healthcare organizations. And as we shared in our blog post, Five Security Tips for Healthcare Organizations, a set of medical data containing that type of information can fetch between $20 and $200 on the black market.
Healthcare organizations prioritize compliance over cyber security
Cyber security may be on every organization’s radar; however, it’s not always their top priority. Sixty-eight percent of healthcare respondents said that cyberattacks were increasing in severity, and 77 percent saw a rise in frequency, yet they listed compliance as their number one priority. While achieving and maintaining a strong HIPAA-compliant posture is essential for many healthcare organizations, security experts – including those at HOSTING – emphasize that compliance doesn’t equate to security.
Healthcare leaders must step up their security stance by playing a bigger role in managing threats of all types and sizes. And while security experts agree that the Anthem breach was most likely caused by outside hackers, healthcare organizations must also be aware of internal threats to their security, whether malicious or accidental. In the case of Anthem, hackers had access to at least five sets of employee credentials. In last year’s attack on Target, the hacker posed as a vendor, duping an innocent employee.
Online security breaches are scary; preventing them doesn’t have to be. Listen to our on-demand webinar, Scary Facts About Online Security You Need to Know, for more information on how the HOSTING Threat Management Solution helps organizations create and maintain a strong security posture. Have questions about online security? Call us anytime to discuss your specific needs with a HOSTING security expert.