Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Health care industry struggling to defend against cyber attacks

Reprints
Health care industry struggling to defend against cyber attacks

Despite the high frequency of cyber attacks against health care providers and health insurers, only a little more than half of those organizations say they're prepared to safeguard data, a new analysis finds.

Eighty-one percent of health care executives said their organizations have been compromised by a cyber attack during the past two years, according to audit, tax and advisory firm KPMG L.L.P.'s 2015 Healthcare Cybersecurity survey released Wednesday.

Thirteen percent said they are targeted by external hack attempts about once a day, and 12% are targeted by two or more attacks per week, the survey showed.

Malware and botnets were the most frequently cited types of attacks, according to the survey.

Yet just 53% of executives at health care providers and 66% at health insurers said they are prepared to defend against an attack, KPMG said.

And 16% of health care organizations said they cannot detect in real-time if their systems are compromised.

According to the survey, just 13% of health care providers and payers tracked more than 350 cyber threat attempts in the last month, which shows that organizations do not understand, track, report or manage threats effectively, KPMG said in the survey. Forty-four percent tracked one to 50 attempts, and 38% tracked between 50 and 350 attempts, KPMG said. The remaining 5% didn't track any cyber threats, or weren't sure if they did.

The greatest vulnerabilities within an organization include external attackers at 65%, sharing data with third parties at 48%, employee breaches and wireless computing at 35%, and inadequate firewalls at 27%, according to the survey.

Sixty-seven percent of health care executives said the greatest information security concerns included malware infecting systems, 57% said violating or compromising patient privacy laws, and 40% cited internal vulnerabilities, such as employee theft and negligence.

“Patient records are far more valuable than credit card information for people who plan to commit fraud, since the personal information cannot be easily changed,” Michael Ebert, leader in KPMG's health care and life sciences cyber practice, said in a statement. “A key goal for execs is to advance their institutions' protection to create hurdles for hackers.”

“The magnitude of the threat against health care information has grown exponentially, but the intention or spend in securing that information has not always followed,” Mr. Ebert said.

KPMG's survey, conducted in June, includes responses from 223 chief information officers, chief technology officers, chief security officers and chief compliance officers at health care providers and health plans.

Read Next