Back in 2013, the healthcare industry took over as the highest value sector of the United States economy with about $21.8 billion in revenue. Healthcare is huge and the sensitive nature of patient information and health records puts a big target on the industry’s back for hackers. Despite heavy regulation, the healthcare industry is seriously lacking in cyber security innovation.
With so much money and sensitive information at stake for the healthcare industry, you might think companies would be on top of cyber security needs—but KPMG’s 2015 Health Care report says otherwise.
What is Threatening Healthcare Companies?
In an effort to cut costs and streamline processes, the healthcare industry has attempted to make major changes in favor of mobility and new IT solutions. According to KPMG, this modern technology is a major factor in the growing threat landscape:
- Digital patient records are giving hackers more ways to attack the industry.
- Aging electronic medical record (EMR) systems and clinical applications aren’t optimized for the latest cyber security needs.
- It’s easier than ever for electronic personal health information (ePHI) to be transmitted via mobile devices and the cloud—so it’s easier than ever for hackers to launch attacks.
- The Internet of Things (IoT) puts network-enabled applications on the same network as browsers and registration systems that can be compromised.
Breaches are Happening, But Where are They Coming From?
About 80% of healthcare executives say their IT has been compromised in some way. Data breaches are just a fact of life at this point andhealthcare industries are under constant attack.
In fact, over 50% of respondents say that they’ve experienced 50 to 350 or 350+ cyber threat attempts in the last 12 months. The number of different attack vectors out in the cyber world are impossible to count, but what are healthcare organizations most concerned about?
Healthcare executives feel that the greatest data security vulnerability in the industry is external hackers as opposed to those stemming from shared data, wireless computing or inadequate firewalls. Understandably, they are most concerned about malware finding its way into systems and infecting the entire network. Compliance violations are also a major issue, but more for healthcare providers rather than large, publicly traded organizations.
While healthcare executives say they’re most concerned about external threats and malware, they should also look inward.
The Healthcare Industry is Ill-Prepared for Modern Cyber Threats
Keeping up with increasingly sophisticated cyber criminals is a tall order for any company, but the healthcare industry is falling further behind than others. About 44% of executives responded saying that their organization only identified between 1 and 50 threats over the last year. Unfortunately, this seems to be more indicative of poor security systems – not a lack of cyber attacks.
About 25% of respondents aren’t confident in their systems’ ability to detect incidents and it’s clear that healthcare organizations could use a security operations center (SOC) upgrade. One company upgraded their SOC and saw a 1,000% increase in detected threats. Healthcare organizations need to find a better compromise between cost savings and cyber security.
Visibility is Critical for Stepping Up Cyber Security Programs
If there’s one clear take away from the KPMG report, it’s that healthcare companies just aren’t seeing the threats and breaches that are happening right under their noses.
Outfitting the SOC with the right security appliances and network monitoring tools is a good start, but it’s just as important to make sure that those devices can see 100% of traffic flowing through the organization. To ensure that all your security solutions get their network data straight from the source, use a network TAP-based connectivity solution. After all, you can’t stop what you can’t see.
How are you defending private data from attack?
[Download our free whitepaper, Protecting the Data: 5 Tools to FIght Against Today's Threats, and learn the importance network visibility plays in security.]