The healthcare industry sees 340% more security incidents and attacks than the average industry, according to new research from Raytheon|Websense Security Labs. The 2015 Industry Drill-Down Report – Healthcare reveals that the healthcare industry continues to be highly-targeted, due to the high value of healthcare data as well as the new wave of connected devices adding additional attack vectors to this highly complicated industry.
According to our own analysis of 2015 data breaches, the average size of a healthcare data breach is larger than ever before, despite no longer leading the number of data breaches for the year. The new research reveals some of the most effective cyber-attack tools and techniques that have affected the healthcare industry, as well as some of the challenges faced in protecting healthcare data. Highlights include:
- Healthcare networks can comprise thousands of providers, each with a complexity of data storage centres and devices, leading to an enormous attack surface
- One in every 600 attacks in healthcare involves advanced malware, with healthcare four times more likely to be impacted by advanced malware than other industries
- Most healthcare organizations lack resources (budget, administrative support, technical skills) to detect, mitigate or prevent cyber-attacks or advanced malware
- Healthcare is 74% more likely to be impacted by phishing schemes
- Up to 75% of hospital network traffic goes unmonitored by security solutions for fear improperly configured security measures could cause problems
Addressing the challenges in healthcare requires a top-down prioritization of data security, with risk assessments followed by education (key to addressing the many ways employees continue to put healthcare data at risk), policy and technology solutions to reduce the available attack surface.
“There is a realization now that it is indeed necessary to put security into the workflow, and build systems securely by design rather than as an afterthought,” Raytheon|Websense Principal Security Analyst Carl Leonard explained to HealthITSecurity. “This is really what’s going to give healthcare professionals the ability to deliver great patient care, by maintaining the trust of their clients.”
In our whitepaper, Best Practices for Healthcare Data Breach Prevention, we discuss many specific ways you can achieve data protection and compliance, including policy, process and layered-technology defences. As part of your preparedness, we recently launched Absolute DDS for Healthcare, a comprehensive onboarding program which pairs the highest level of endpoint security with expert forensic support to respond to and contain security incidents. Learn more at Absolute.com