Eighty-one percent of healthcare executives say that their organizations have been the target of cyberattacks during the past two years, and only about half feel that they are adequately prepared to thwart them, according to the 2015 KPMG Healthcare Cybersecurity Survey.
The number of attacks also is increasing, with 13 percent saying they are targeted about once a day and another 12 percent detecting two or more attacks per week. At the same time, 16 percent said they cannot detect in real time whether their systems are compromised, according to an announcement on the survey.
In the survey, 223 U.S.-based chief information officers, chief technology officers, chief security officers and chief compliance officers at healthcare providers and health plans were polled.
Healthcare organizations are facing increased security threats, the report says, due to use of electronic health records and data sharing, outdated clinical technology, insecure network-enabled medical devices and the heterogeneous nature of devices and applications used on the same network.
"The magnitude of the threat against healthcare information has grown exponentially, but the intention or spend in securing that information has not always followed," Michael Ebert, KPMG partner and healthcare leader at the firm's Cyber Practice, says in the report.
The report recommends a holistic approach to cybersecurity. Since many organizations achieved their interconnectivity by evolution, resulting in inadequate controls, many organizations need a redesign to develop a cohesive, coordinated digital strategy, the report's authors say.
The cost of a data breach has grown 23 percent since 2013, according to the Ponemon Institute. When health systems are hacked, they also often have a face many class-action lawsuits--like in the case of a recent attack at UCLA Health.
And while healthcare executives say cybersecurity has grown as a business priority at their organizations, 68 percent of respondents to a HIMSS survey said their organization had come under attack recently.
To learn more:
- read the report (.pdf)
- here's the announcement