Cyberattacks Have Compromised 81% of Healthcare Organizations

A large majority of healthcare organizations have been compromised by a cyberattack during the last 2 years and only half believe they are adequately prepared for preventing these attacks, according to a survey of healthcare executives.

The 2015 KPMG Healthcare Cybersecurity Survey polled 223 chief information officers, chief technology officer, chief security officers, and chief compliance officers and found that the number of attacks has increased. According to responses, 13% of healthcare organizations are targeted by external hack attempts about once a day and another 12% said twice or more a week.

“Healthcare organizations that can effectively track the number of attempts have less cause for worry than those who may not detect all of the threats against their systems,” Greg Bell, who leads KPMG’s Cyber Practice, said in a statement. “The experienced hackers that penetrate a vulnerable health care organization like to remain undetected as long as they can before extracting a great deal of content, similar to a blood-sucking insect.”

According to KPMG reasons why healthcare organizations are facing increased security threats are: adoption of digital patient records and the automation of clinical system; the use of antiquated electronic medical record and clinical applications; the ease of distributing electronic protected health information; and the evolving threat landscape.

While external attackers (65%) remain the greatest vulnerability in data security, nearly half (48%) of respondents said sharing data with third-parties was also a top threat. The survey found that providers and payers prioritize top concerns differently when it comes to security breaches. Providers are most concerned about regulatory enforcement and litigation, while payers worry about financial loss and reputation the most.

These groups also had different responses as to their preparedness when it comes to security breaches. While two-thirds (66%) of executives at health plans said they are prepared to face a cyberattack, providers feel less ready with only 53% saying the same. However, large portions of both payers (88%) and providers (86%) have invested in information security during the past year.

“The vulnerability of patient data at the nation’s health plans and approximately 5000 hospitals is on the rise and health care executives are struggling to safeguard patient records,” said Michael Ebert, leader in KPMG’s Healthcare & Life Sciences Cyber Practice. “Patient records are far more valuable than credit card information for people who plan to commit fraud, since the personal information cannot be easily changed.”