More than one in three healthcare organizations have suffered a cyberattack within the last year, while almost one in 10 have paid a ransom or extortion fee, according to the results of a survey from cybersecurity solutions provider Imperva.
That\'s right: nearly 10% of healthcare providers have paid off cyber thieves who were holding valuable data. Perhaps this included your health records.
Healthcare Data Is Worth Big Bucks on the Dark Web
According to Imperva, healthcare data is extremely valuable on the dark web as it contains highly sensitive data, both financial and protected health information.
As a result, healthcare organizations are increasingly attractive to attackers.
Additionally, with the introduction of web-based healthcare portals and remote patient mobile technology, managing security within healthcare organizations has become more difficult.
Healthcare IT Professionals Fear Ransomware
Imperva\'s survey of 102 Healthcare IT professionals, which was carried out at the 2018 Healthcare Information and Management Systems Society (HIMSS) Conference, revealed that 77 percent of respondents were very concerned about a cybersecurity event striking their organization and 15 percent admitted that their organization\'s ability to handle a cyberattack needed work.
Survey respondents were asked what attacks caused them the most concern, and the most cited response was ransomware (32 percent).
In the last year, there have been numerous examples of hospitals suffering ransomware infections, where they have been left at a complete standstill and unable to access patient data.
Attackers know that if a healthcare organization does not have a mitigation strategy in place, they will likely opt to pay a ransom, rather than risk losing access to patient files entirely.
However, research has shown that 50 percent of organizations never get their data back even when they do pay the ransom. That\'s scary.
Regarding insider threats, respondents were most concerned about careless users (51 percent). Additionally, 27 percent said a lack of tools to monitor employees and other insider activities makes detecting insider threats difficult.
Thirty-two percent indicated that collecting information from diverse security tools is the most time-consuming task when investigating or responding to insider threats.