Four-fifths (81%) of executives at healthcare providers and payers say their information technology has been compromised by cyber-attacks, says a new report.
The 2015 KPMG Healthcare Cybersecurity Survey polled 223 chief information officers, chief technology officers and chief compliance officers, and found that their healthcare organizations had been compromised by at least one malware, botnet or other cyber-attack during the past two years.
According to the KPMG survey, organizations are most vulnerable to IT security attacks through external attackers (65%), sharing data with third parties (48%), employee breaches (35%), wireless computing (35%) and inadequate firewalls (27%).
The breaches are likely due to vulnerabilities in the way healthcare organizations fund, manage, enable, organize and implement their IT protection. The KPMG report said the healthcare industry is behind other industries in protecting its infrastructure, with outdated technology, insecure network-enabled medical devices and a lack of information security management processes.
“Healthcare organizations that can effectively track the number of attempts have less cause for worry than those who may not detect all of the threats against their systems,” said Greg Bell, who leads KPMG’s Cyber Practice. “The experienced hackers that penetrate a vulnerable health care organization like to remain undetected as long as they can before extracting a great deal of content, similar to a blood-sucking insect.”
Only about half of providers (53%) and 66% of payers say they’re adequately prepared for a cyber-attack. In budget terms, larger organizations are better prepared than smaller ones. However, most institutions have increased their spending to prevent cyber-attacks, though that spending must go to the right initiatives and fit the organization’s strategy.
KPMG advises the following measures to prevent, monitor and manage the threat of IT security attacks:
- Incorporation of cyber security in the technology and network architecture upfront, via strategic design.
- A well-prepared and coordinated cyber security team and a security operations center.
- Increased cyber security awareness and capabilities at all levels.
- Taking a broad view of the organization when implementing cyber security.
Survey Methodology: This report is based on data from a survey of 223 U.S.-based healthcare executives, conducted by Forbes Insights. Fifty-six percent came from for-profit organizations, and 44% from the not-for-profit sector. All had revenues of at least $500 million; 70% had revenues over $1 billion.