Report: Healthcare more susceptible to privacy attacks than other industries

The global healthcare industry is much more susceptible to hacking and other privacy attacks, according to a new report.

The report, published by Raytheon | Websense Security Labs, notes that compared to the average industry, healthcare entities are plagued by 340 percent more incidents. What's more, the industry is 400 percent more likely to be impacted by advanced malware attacks and 74 percent more likely to be impacted by phishing schemes, according to the report.

The authors also note that so far in 2015, nearly 84 percent of all "Dropper incidents"--in which malware is deposited via open "backdoor" channels to electronic systems--have occurred in the healthcare industry.

"It's clear that with the amount of personally identifiable and proprietary information available and inherent as part of the healthcare industry, it will remain an attractive target to attackers and a potential weak point for untrained employees," the authors say. "As healthcare continues to avail itself of the technology and advantages of the Internet of Things, it's crucial that its practitioners and executives become more cognizant of how to protect their organizations and the individuals who use their services."

A survey published last month from consulting firm KPMG found that 81 percent of 223 healthcare executives said their organizations have been the target of cyberattacks during the past two years. Only half of those executives said they thought their organizations were adequately prepared to thwart such attacks.

Several providers and payers have announced large hacks in 2015, including UCLA Health, in which information for 4.5 million individuals was compromised, and Anthem, which impacted close to 80 million current and former customers.

Seattle Children's Hospital Chief Information Security Office Cris Ewell, at a healthcare security conference in the District of Columbia earlier this month, called the elimination of cybersecurity threats an impossible goal, and urged organizations to be flexible in its privacy efforts. Specifically, he said, asset profiling and inventory management should be top-of-mind efforts.

"This is all about minimizing your electronic attack surface," Ewell said. "Reconnaissance is one of the first things our adversaries do. You'd be amazed at the amount of information I could gather on all of you, as well as your institutions, down to the actual systems you use."

To learn more:
- download the report (registration required)