4 in 5 health orgs hit by cyber crooks
More than 80 percent of healthcare chief information officers, chief technology officers and other security leaders polled by KPMG say their organizations have been victimized by at least one cyberattack in the past two years -- and many still feel like sitting ducks.
These attacks are increasing, according to KPMG's 2015 Healthcare Cybersecurity Survey, which polled 223 CIOs, CTOs, chief security officers and chief compliance officers at providers and payers nationwide: 13 percent said they're targeted by daily hacking attempts; 12 percent see two or more attacks each week.
Most worrisome, even though 81 percent of those surveyed have recently been compromised by malware, botnets or other cyberattacks, just barely more than half (53 percent of providers, 66 percent of payers) say they feel adequately prepared for a cyberattack.
Some 16 percent of healthcare organizations, for instance, said they're unable to detect in real time whether their systems are compromised.
"Healthcare executives are struggling to safeguard patient records," said Michael Ebert, leader in KPMG's healthcare & life sciences cyber practice, in a press statement. "Patient records are far more valuable than credit card information for people who plan to commit fraud, since the personal information cannot be easily changed. A key goal for execs is to advance their institutions' protection to create hurdles for hackers."
Malware was the most common threat, according to the survey, experienced by 65 percent of survey respondents. Botnet attacks and internal compromise by employees were cited by 26 percent.
External attackers (65 percent), sharing data with third parties (48 percent), employee breaches (35 percent), wireless computing (35 percent) and inadequate firewalls (27 percent) were the most common vulnerabilities cited by poll respondents.
Despite this awareness, too few organizations are prepared to detect and respond to cyberthreats, according to KPMG.
"Healthcare organizations that can effectively track the number of attempts have less cause for worry than those who may not detect all of the threats against their systems," said Greg Bell, who leads KPMG's cyber practice.
"The experienced hackers that penetrate a vulnerable healthcare organization like to remain undetected as long as they can before extracting a great deal of content," he added, "similar to a blood-sucking insect."