Ransomware attacks more rampant than many hospitals might think, Kaspersky says
According to a new report from Kaspersky Lab, healthcare employees in the U.S. and Canada not only admit their organizations have fallen victim to ransomware cybersecurity attacks, they also claim it wasn’t a one-time occurrence.
The report, titled “Cyber Pulse: The State of Cybersecurity in Healthcare,” stems from a survey conducted by research firm Opinion Matters that included 1,758 healthcare employees in roles ranging from doctors and surgeons to administration and IT staff. All were located in the United States and Canada.
WHY IT MATTERS
The findings expose a “continuous pattern of ransomware cybersecurity attacks plaguing organizations” in the healthcare industry. It also shed light on employee perceptions and behaviors.
Among the results, one important finding showed that organizations don’t always learn their lesson the first time around. Of the respondents who stated they were aware a ransomware cybersecurity attack had taken place in their organization, 33 percent noted that it had happened more than once.
THE TREND
Just this year, there have been more than 100 hacking/IT-related healthcare organization incidents affecting 500 or more individuals, according to the U.S. Department of Health and Human Services, tasking healthcare IT staff with the monumental challenge of preventing future incidents in their own systems.
More than one-in-four healthcare IT employees in North America admitted their employer has experienced a ransomware cybersecurity attack within the past year and of those healthcare employees aware of a cyberattack occurring, 85 percent of Canadians and 78 percent of Americans said their organizations had fallen victim to up to five ransomware cybersecurity attacks in the past five years or more, showing missed opportunities to learn lessons and implement new best practices.
The repeated attacks, however, are not for lack of caring on the part of employees, the survey said. In fact, for 71 percent of responding employees, the top reason healthcare employees cared about having cybersecurity measures in place at their organizations was to protect patients, followed by 60 percent who said they wanted to protect people and organizations they work with. Finally, and nearly a third of respondents said they didn’t want to lose their job thanks to not having adequate cybersecurity measures.
Additionally, employees are willing and able to be vigilant, with 57 percent of employees of very small businesses saying they would report a suspicious email to their employer’s IT team, as opposed to almost three quarters of those working at small or medium businesses and 79 percent of employees working at enterprises.
ON THE RECORD
“Through our study, we found that healthcare employees in North America were confident that their organization would not suffer a data breach in the forthcoming year, but whether they realize it or not, their industry is suffering hundreds of breaches a year,” said Rob Cataldo, vice president of enterprise sales at Kaspersky Lab. “Healthcare companies have become a major target for cybercriminals due to the successes they’ve had, and repeatedly have, in attacking these businesses. As organizations look to improve their cybersecurity strategies to justify employee confidence, they must examine their approach. Business leaders and IT personnel need to work together to create a balance of training, education, and security solutions strong enough to manage the risk.”
Twitter: @BethJSanborn
Email the writer: beth.sanborn@himssmedia.com